ConnectionError: ('Connection aborted.', error(104, 'Connection reset by peer'))

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: un-spider.org/www.un-spider.org

I ran this command: certbot --apache

It produced this output:
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
An unexpected error occurred:
ConnectionError: (‘Connection aborted.’, error(104, ‘Connection reset by peer’))
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): Apache/2.4.6 (Red Hat Enterprise Linux)

The operating system my web server runs on is (include version): Red Hat Enterprise Linux Server release 7.7 (Maipo)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.39.0

The installation is running in a VirtualBox environment on a windows system. Port 80 and 443 are open.

the following info is found in the let’sencrypt log:
2019-12-06 09:58:37,361:DEBUG:certbot.main:certbot version: 0.39.0
2019-12-06 09:58:37,362:DEBUG:certbot.main:Arguments: [’–apache’]
2019-12-06 09:58:37,362:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-12-06 09:58:37,399:DEBUG:certbot.log:Root logging level set at 20
2019-12-06 09:58:37,399:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-12-06 09:58:37,400:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-12-06 09:58:37,499:DEBUG:certbot_apache.configurator:Apache version is 2.4.6
2019-12-06 09:58:37,770:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7ff55d3c1d50>
Prep: True
2019-12-06 09:58:37,771:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_centos.CentOSConfigurator object at 0x7ff55d3c1d50> and installer <certbot_apache.override_centos.CentOSConfigurator object at 0x7ff55d3c1d50>
2019-12-06 09:58:37,771:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2019-12-06 09:58:42,045:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-12-06 09:58:42,048:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2019-12-06 09:58:42,242:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.39.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1378, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1125, in run
le_client = _init_le_client(config, authenticator, installer)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 607, in _init_le_client
acc, acme = _determine_account(config)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 523, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 176, in register
acme = acme_from_config_key(config, key)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 46, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 828, in init
directory = messages.Directory.from_json(net.get(server).json())
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 1161, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 1110, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/lib/python2.7/site-packages/requests/sessions.py”, line 486, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python2.7/site-packages/requests/sessions.py”, line 598, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python2.7/site-packages/requests/adapters.py”, line 415, in send
raise ConnectionError(err, request=request)
ConnectionError: (‘Connection aborted.’, error(104, ‘Connection reset by peer’))
2019-12-06 09:58:42,243:ERROR:certbot.log:An unexpected error occurred:

Hi @wla

looks like your Server can't connect Letsencrypt.

What says

ping acme-v02.api.letsencrypt.org
traceroute acme-v02.api.letsencrypt.org

Do you have a windows firewall that blocks outgoing connections of your Linux system?

Ping works.
ping acme-v02.api.letsencrypt.org
PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 56(84) bytes of data.
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=1 ttl=58 time=6.99 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=2 ttl=58 time=6.95 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=3 ttl=58 time=9.19 ms
64 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=4 ttl=58 time=6.82 ms
but the traceroute bombs out:
traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 gateway (192.168.10.1) 0.641 ms 0.555 ms 0.430 ms
2 128.140.208.66 (128.140.208.66) 1.143 ms 3.188 ms 3.275 ms
3 10.10.10.2 (10.10.10.2) 0.787 ms 0.717 ms 0.697 ms
4 cr-fra2-pwether10644.x-win.dfn.de (188.1.235.65) 6.784 ms 7.108 ms 7.052 ms
5 de-cix-frankfurt.as13335.net (80.81.194.180) 24.971 ms 24.887 ms 24.706 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
I don't have controll over the windows system myself but can get help from an expert unfortunately 9 h behind my timezone.
It could be that there is some firewall in place, but I'm not aware of blocking of outgoing connections.

Sometimes the MTU is a problem. You have a nested system (Linux in a Windows).

Try

ping -s 1500 -M do acme-v02.api.letsencrypt.org

or reduce the 1500 if 1500 doesn’t work.

1500 gave the message ping: local error: Message too long, mtu=1500
but 1300 did work:
ping -s 1300 -M do acme-v02.api.letsencrypt.org
PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 1300(1328) bytes of data.
1308 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=1 ttl=58 time=7.46 ms
1308 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=2 ttl=58 time=7.43 ms
1308 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=3 ttl=58 time=7.66 ms
1308 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=4 ttl=58 time=7.48 ms
1308 bytes from 172.65.32.248 (172.65.32.248): icmp_seq=5 ttl=58 time=7.53 ms

That’s your answer.

Reduce your MTU to max 1328 or 1300.

Thanks for the info. I’ve change the value. I’ll have to reboot the system to get this working. This will however kick me out from my actual work. I’ll ask my colleague to restart the virtual machine and try certbot afterward. I’ll report the result.

Sorry to report that setting the MTU-value in the interface didn’t help. The info from the letsencrypt.log reads:
2019-12-07 14:18:37,174:DEBUG:certbot.main:certbot version: 0.39.0
2019-12-07 14:18:37,174:DEBUG:certbot.main:Arguments: [’–apache’]
2019-12-07 14:18:37,174:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-12-07 14:18:37,194:DEBUG:certbot.log:Root logging level set at 20
2019-12-07 14:18:37,194:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-12-07 14:18:37,196:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-12-07 14:18:37,314:DEBUG:certbot_apache.configurator:Apache version is 2.4.6
2019-12-07 14:18:37,637:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7f5c4a006d90>
Prep: True
2019-12-07 14:18:37,637:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_centos.CentOSConfigurator object at 0x7f5c4a006d90> and installer <certbot_apache.override_centos.CentOSConfigurator object at 0x7f5c4a006d90>
2019-12-07 14:18:37,637:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2019-12-07 14:18:47,750:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-12-07 14:18:47,754:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2019-12-07 14:18:52,819:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/certbot”, line 9, in
load_entry_point(‘certbot==0.39.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1378, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1125, in run
le_client = _init_le_client(config, authenticator, installer)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 607, in _init_le_client
acc, acme = _determine_account(config)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 523, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 176, in register
acme = acme_from_config_key(config, key)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 46, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 828, in init
directory = messages.Directory.from_json(net.get(server).json())
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 1161, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/lib/python2.7/site-packages/acme/client.py”, line 1110, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/lib/python2.7/site-packages/requests/sessions.py”, line 486, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python2.7/site-packages/requests/sessions.py”, line 598, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python2.7/site-packages/requests/adapters.py”, line 415, in send
raise ConnectionError(err, request=request)
ConnectionError: (‘Connection aborted.’, error(104, ‘Connection reset by peer’))
2019-12-07 14:18:52,822:ERROR:certbot.log:An unexpected error occurred:

There is a blocking instance, same with your not working traceroute. May be de-cix-frankfurt.as13335.net blocks.

If you can’t change that, may be you can’t use Letsencrypt.

Can you access http://acme-v02.api.letsencrypt.org/ from your computer
maybe try certbot with --server https://api.buypass.com/acme/directory ?
it a alternative CA (Buypass AS) that provides free cert by acme so you may be able to reach there)

When I login to my local German provider via ssh, the traceroute to
acme-v02.api.letsencrypt.org looks the same (no further info after step 5), but there I can get a letsencrypt certificate. I Think, it must be something else, but I have no clue.
I have the feeling that inside of the redhat system something blocks the writing of the certificate.

Unfortunately even that gives no difference:
Starting new HTTPS connection (1): api.buypass.com
An unexpected error occurred:
ConnectionError: ('Connection aborted.', error(104, 'Connection reset by peer'))
Please see the logfiles in /var/log/letsencrypt for more details.
Error log reads:
2019-12-07 14:55:22,463:DEBUG:certbot.main:certbot version: 0.39.0
2019-12-07 14:55:22,463:DEBUG:certbot.main:Arguments: ['--server', 'https://api.buypass.com/acme/directory']
2019-12-07 14:55:22,463:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-12-07 14:55:22,476:DEBUG:certbot.log:Root logging level set at 20
2019-12-07 14:55:22,476:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-12-07 14:55:22,477:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2019-12-07 14:55:22,571:DEBUG:certbot_apache.configurator:Apache version is 2.4.6
2019-12-07 14:55:22,834:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7f399376be50>
Prep: True
2019-12-07 14:55:22,834:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_centos.CentOSConfigurator object at 0x7f399376be50> and installer <certbot_apache.override_centos.CentOSConfigurator object at 0x7f399376be50>
2019-12-07 14:55:22,834:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2019-12-07 14:55:36,170:DEBUG:acme.client:Sending GET request to https://api.buypass.com/acme/directory.
2019-12-07 14:55:36,176:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): api.buypass.com
2019-12-07 14:55:36,337:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/bin/certbot", line 9, in
load_entry_point('certbot==0.39.0', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1378, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1125, in run
le_client = _init_le_client(config, authenticator, installer)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 607, in _init_le_client
acc, acme = _determine_account(config)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 523, in _determine_account
config, account_storage, tos_cb=_tos_cb)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 176, in register
acme = acme_from_config_key(config, key)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 46, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 828, in init
directory = messages.Directory.from_json(net.get(server).json())
File "/usr/lib/python2.7/site-packages/acme/client.py", line 1161, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 1110, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 486, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 598, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 415, in send
raise ConnectionError(err, request=request)
ConnectionError: ('Connection aborted.', error(104, 'Connection reset by peer'))
2019-12-07 14:55:36,341:ERROR:certbot.log:An unexpected error occurred:

can you get any site work from there? wget google.com?

If you have that error with different destinations, it's a wrong local configuration.

May be your combination Windows / Linux, that not works. May be something else.

Sometimes Letsencrypt "blocks" ip addresses. But that's not a "Reset by peer" - error. Instead, a http status 429 etc. is created, so the TCP- and the SSL-connection has worked.

yes, I can connect to google with wget, but the certbot allway gives an error.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.