Connection time out


#1

Hello, I have my own implementation of acme client based on some source code I found on github. It worked for a while, once i discoveded no certificates are reissued. Since I started to debug this issue, i hod connection time out when trying to connect via PHP curl functions. Also when trying to verify, that is reachable via links, I got message “An error occured while processing your request with reference #97.47f01202.1471505373.54771024”. However with firefox from same locality it is OK and page loads correctly. Wget throws an 504 error.

dig acme-v01.api.letsencrypt.org
acme-v01.api.letsencrypt.org. 6841 IN   CNAME   api.letsencrypt.org.edgekey.net.
api.letsencrypt.org.edgekey.net. 21027 IN CNAME e981.dscb.akamaiedge.net.
e981.dscb.akamaiedge.net. 19    IN      A       104.123.211.71

traceroute to acme-v01.api.letsencrypt.org (104.123.211.71), 30 hops max, 60 byte packets
1  46.36.35.1 (46.36.35.1)  0.447 ms  0.568 ms  0.657 ms
2  41-140.gtt-net.cz (82.144.140.41)  4.033 ms  4.080 ms  4.121 ms
3  241-214.prozeta.net (95.173.214.241)  4.149 ms  4.246 ms  4.337 ms
4  te-0-4-2.ttc.sit.prozeta.net (95.173.215.241)  4.374 ms  4.408 ms  4.426 ms
5  tengig-prozeta.kaora.cz (94.124.104.113)  4.068 ms  4.109 ms  4.103 ms
6  nix4.akamai.com (91.210.16.221)  4.196 ms  4.235 ms  4.170 ms
7  a104-123-211-71.deploy.static.akamaitechnologies.com (104.123.211.71)  4.149 ms  4.136 ms  4.121 ms

Thanks


#2

Hi @driici, I’m sorry to hear you’re having issues. I have some follow-up Q’s for you:

What URL are you trying to reach when you get this error message? Is this happening for 100% of requests or only a portion? Is it still happening?

Can you share the wget invocation you’re using & the produced output?

Thank you for the dig & traceroute information. If possible could you also provide the output from running this mtr command from the affected system:

mtr -c 20 -w -r acme-v01.api.letsencrypt.org

Note: mtr may have to be installed if your system does not include it by default.


#3

Hello, I am trying to reach url acme-v01.api.letsencrypt.org. Currently I have problems with all request called from my acme client.

wget --no-check-certificate acme-v01.api.letsencrypt.org
--2016-08-19 15:18:50--  http://acme-v01.api.letsencrypt.org/
Resolving acme-v01.api.letsencrypt.org (acme-v01.api.letsencrypt.org)… 104.123.211.71, 2a02:26f0:132:38a::3d5, 2a02:26f0:132:386::3d5
Establishing connection with acme-v01.api.letsencrypt.org (acme-v01.api.letsencrypt.org)|104.123.211.71|:80… connected.
HTTP reqest sent ,avaiting response… 504 Gateway Time-out
2016-08-19 15:19:50 ERROR 504: Gateway Time-out.

and here is mtr - do not mind packet loss on 1-3 nodes, there is firewall which drops icmp packets

mtr -c 20 -w -r acme-v01.api.letsencrypt.org
HOST: eam                                                  Loss%   Snt   Last   Avg  Best  Wrst StDev
1.|-- 46.36.35.1                                           20.0%    20    0.5   0.6   0.4   1.4   0.3
2.|-- 41-140.gtt-net.cz                                    15.0%    20    4.2   4.3   4.1   4.8   0.2
3.|-- 241-214.prozeta.net                                  10.0%    20    4.4   4.3   4.2   4.5   0.1
4.|-- te-0-4-2.ttc.sit.prozeta.net                          0.0%    20    4.5   7.4   4.3  17.9   4.1
5.|-- tengig-prozeta.kaora.cz                               0.0%    20    4.3   5.2   4.2  20.2   3.6
6.|-- nix4.akamai.com                                       0.0%    20    4.5   5.6   4.3  28.1   5.3
7.|-- a104-123-211-71.deploy.static.akamaitechnologies.com  0.0%    20    4.4   4.3   4.2   4.4   0.1

but now I was able to reissue expired certificate. I will stay in touch in case some more problems.


#4

I have tried with multiple Debian system, ranging from Wheezy to Jessie, also Sid


#5

The ACME server is not available via http://, you’ll need to use https://.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.