Connection reset by peer Status 400

My domain is:

I ran this command:

It produced this output:

My web server is (include version):
nginx 1.23.1

The operating system my web server runs on is (include version):
Win server 2019

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


But Win-ACME failed with the following output:

First chance error calling into ACME server, retrying with new nonce...
Cached order has status invalid, discarding
[] Authorizing...
[] Authorizing using http-01 validation (FileSystem)
Answer should now be browsable at
Preliminary validation failed because 'An error occurred while sending the request.'
[] Authorization result: invalid
[] {
"type": "urn:ietf:params:acme:error:connection",
"detail": " Fetching Connection reset by peer",
"status": 400
[] Deactivating pending authorization

1 Like

@Vscpp Welcome to the community

You are another one affected by a Palo Alto Networks brand firewall. They changed a default setting in their gear earlier this year and we have seen this regularly.

You should talk to your network admins and have them change the Application Rule for "ACME protocol".

As a test, the below request should reply with a 404 Not Found. Instead, it gets the "reset by peer" error. In your case, you must use the -A as shown as that is the user-agent used by Let's Encrypt servers. You can use this sample curl and URL to test the setting was changed properly

curl -I -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +"
curl: (56) Recv failure: Connection reset by peer

Should get this, even with that -A value, instead
curl -I
HTTP/1.1 404 Not Found
Server: nginx/1.23.1
Date: Tue, 13 Sep 2022 14:13:40 GMT

Thanks MikeMcQ, the problem solved!!!!!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.