I encountered the "Connection reset by peer" problem. I used WireShark to capture packets. I found that the connection was established correctly, but after my server completed the response, the Let's Encrypt server sent an RST to reset the connection, causing the connection to fail.
Subsequently, Let's Encrypt initiated another request from a different IP address, but this time the request was shorter. Before my server sent a response, it received an RST.
Hi @tianxiadys, and welcome to the LE community forum.
Please show the logfile:
/var/log/letsencrypt/letsencrypt.log
I'm seeing:
curl: (56) Recv failure: Connection reset by peer
for all HTTP connections to your site.
You may be capturing packets on the wrong side of the firewall.
You are right, but that may be because my server was not listening on port 80. Now I have started nginx to listen to it. Please try again.
They changed to:
curl: (52) Empty reply from server
ohhhhh, my server is in Beijing. This may be a network issue unique to mainland China. Maybe it will resolve itself in a few days.
Those replies might contain the Let's Encrypt IP addresses, but that doesn't necessarily mean they actually came from LE.
hint: There may be a great firewall involved...
Check that you don't have any geographic or IP range filtering on incoming connections either on your own server or your router/firewall. Something on your side is closing the connection.
Chinese hosting providers sometimes also enforce the ICP license by blocking connections to a server until they're satisfied that it is licensed to operate a public service.
Thank you for all the replies. Specifically, my server is purchased from Alibaba Cloud and located in Beijing, and I have already obtained an ICP license. I am seeking help from Alibaba Cloud, but they also do not seem to have any effective solutions. Here is a global connectivity test showing that access to any servers located outside of China is reset.
The thing that's failing is when Let's Encrypt tries to validate your domain using http, so if that is outside your control you could instead validate your domain using DNS.
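The two curl results quoted in this thread (56, a reset while receiving, versus 52, a clean close with no bytes) are distinct TCP signatures, and reproducing them from a vantage point outside the provider's network is the check worth running before falling back to DNS validation. This is an added example, not code from the thread or from Let's Encrypt; probe_http and start_test_server are hypothetical helpers, and the local stand-in servers are constructed purely to reproduce each signature:

```python
import socket
import struct
import threading

ACME_PATH = "/.well-known/acme-challenge/constructed-token"  # constructed sample path


def probe_http(host, port, path=ACME_PATH, timeout=5.0):
    """Send one minimal HTTP/1.0 GET and classify the outcome the way curl
    reports it: 'ok', 'empty_reply' (curl 52: FIN before any bytes),
    'reset' (curl 56: RST during receive), 'refused' or 'timeout'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            data = s.recv(4096)
    except ConnectionResetError:
        return "reset"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    return "ok" if data else "empty_reply"


def start_test_server(behaviour):
    """Constructed local stand-in for the challenged web server (hypothetical
    helper). behaviour: 'respond', 'close_empty' (FIN with no data) or 'rst'
    (abortive close, the same on-the-wire signature as an injected reset)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_one():
        conn, _ = srv.accept()
        conn.recv(1024)  # consume the request so close() is not a buffered-data RST
        if behaviour == "respond":
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 5\r\n\r\ntoken")
        elif behaviour == "rst":
            # SO_LINGER with a zero timeout makes close() emit RST instead of FIN
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
        srv.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return port


if __name__ == "__main__":
    for mode in ("respond", "close_empty", "rst"):
        print(mode, "->", probe_http("127.0.0.1", start_test_server(mode)))
```

Run probe_http against the public hostname from a host outside the provider's network; if it reports 'reset' while a capture on the server shows the response leaving intact, the RST is being injected in between, which is the case where DNS validation sidesteps the problem.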
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.