Could not obtain directory: cURL error 28: SSL connection timeout

Could you please check if our IP is blocked?

My domain

I ran this command: curl -vvv

It produced this output:
ubuntusvr01:~# curl -vvv

  • Trying
  • Connected to ( port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • CAfile: /etc/ssl/certs/ca-certificates.crt
  • CApath: /etc/ssl/certs
  • TLSv1.0 (OUT), TLS header, Certificate Status (22):
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS header, Certificate Status (22):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.2 (IN), TLS header, Finished (20):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.2 (IN), TLS header, Supplemental data (23):
  • OpenSSL SSL_connect: Connection reset by peer in connection to
  • Closing connection 0
  • TLSv1.2 (OUT), TLS header, Unknown (21):
  • TLSv1.3 (OUT), TLS alert, decode error (562):
    curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 22.04.4 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Latest Version

Server has access to the internet and is able to curl other sites hosted out there.

Hello @rmpqube, welcome to the Let's Encrypt community. :slightly_smiling_face:

Let’s Encrypt offers Domain Validation (DV) certificates; presently not IP Addresses.

This is a test from your server to Let's Encrypt

Presently, thus I suggest waiting, using the online tool Let's Debug yields these results


But I have filled out the questionnaire in the original post! Not sure what I am missing!

The test I ran says we are not able to connect to Let's Encrypt as it is being reset by peer. Hence, we wanted to check if our IP Address is blocked or not for some reason.

Thank you for the Let's Debug result. Does this usually go away and fix itself?

A blocked IP address is very rare. And, the error is usually different than "reset by peer". It has been so long since we have seen one that I don't remember exactly what it was, but something like "EOF". I do not think your IP is blocked.

Are you able to make other outbound requests? What do these show? You don't have to show every line. Just any error or the HTTP response code and any "server:" response header.

curl -I
curl -I

I would also be interested to see the result of the below.

sudo traceroute -T -p 443

That is the status of Let's Encrypt itself. And, yes, those go away by themselves. It is just a warning that certain problems may be caused by LE and not your system.

It is just a display from this page which now shows all systems operational


root@ubuntusvr01:~# traceroute -T -p 443
traceroute to (, 30 hops max, 60 byte packets
1 _gateway ( 0.666 ms * *
2 ( 1.297 ms 1.504 ms 1.863 ms
3 ( 1.840 ms ( 1.705 ms ( 1.908 ms
4 ( 1.890 ms ( 4.469 ms ( 2.627 ms
5 ( 2.612 ms 2.650 ms ( 4.403 ms
6 ( 116.093 ms ( 129.526 ms ( 4.689 ms
7 ( 117.855 ms * *
8 ( 145.714 ms * ( 154.740 ms
9 ( 145.663 ms ( 145.643 ms 146.677 ms

Trace looks good, and curl to Google and Cloudflare is also good

root@ubuntusvr01:~#curl -I
HTTP/2 301
server: gws

root@ubuntusvr01:~# curl -I
HTTP/2 301
server: cloudflare


Agreed. I reached out to staff and an insider group. Hopefully more info soon.


Couple other things to see if you can connect to them:

curl -I
curl -I
curl -I

I'm not really sure what to do with the outcome of those, one way or the other, but might be helpful for checking whether it's just the one specific part of Let's Encrypt's infrastructure or more than that.


Sorry @rmpqube, the C-n-P buffer didn't have in it what I thought it did. I've edited that post.



I tried this and it also has the same issue, will try others when I have access

This IP is not blocked.


When you have time to try again, please try this:

curl -vv

That will send an HTTP request to the HTTPS port (credit to @jcjones for helping me figure out how to route an HTTP request into this)

If you get a 400 status code with this in it <head><title>400 The plain HTTP request was sent to HTTPS port</title></head>, that would suggest to me there is something wrong with your server's OpenSSL implementation or configuration. If you get another dropped connection, you may need to contact Cloudflare (they could be rejecting your IP) or your ISP (potential networking issues) for further help.
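The two outcomes described in the post above, together with a reading of how far the handshake in the original curl output got, as an added example that is not part of the thread or of any Let's Encrypt tooling. The hostname `acme.example.invalid` and the sample log are constructed, and the function names are hypothetical.

```python
import re

# Milestones in the order curl -v prints them for a TLS 1.3 handshake.
MILESTONES = [
    ("tcp_connected", r"Connected to "),
    ("client_hello_sent", r"\(OUT\), TLS handshake, Client hello"),
    ("server_hello_received", r"\(IN\), TLS handshake, Server hello"),
    ("encrypted_extensions_received", r"\(IN\), TLS handshake, Encrypted Extensions"),
    ("certificate_received", r"\(IN\), TLS handshake, Certificate \("),
    ("handshake_finished", r"\(IN\), TLS handshake, Finished"),
]

def handshake_progress(curl_verbose):
    """Return (last milestone reached or None, failure kind or None)."""
    reached = None
    for name, pattern in MILESTONES:
        if not re.search(pattern, curl_verbose):
            break  # ordered list: stop at the first step that never happened
        reached = name
    if "Connection reset by peer" in curl_verbose:
        failure = "reset"
    elif re.search(r"timed out|timeout", curl_verbose, re.IGNORECASE):
        failure = "timeout"
    else:
        failure = None
    return reached, failure

def classify_plain_http_probe(result):
    """Interpret plain HTTP sent to port 443, per the two outcomes in the post."""
    if "400 The plain HTTP request was sent to HTTPS port" in result:
        return "server answered: look at the local OpenSSL setup"
    return "dropped again: look at the network path (CDN or ISP)"

# Constructed sample modelled on the output in the first post; hostname is a placeholder.
SAMPLE = """\
* Connected to acme.example.invalid port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* OpenSSL SSL_connect: Connection reset by peer in connection to acme.example.invalid:443
"""

if __name__ == "__main__":
    print(handshake_progress(SAMPLE))
```

On the sample, the reset arrives after Encrypted Extensions and before any Certificate message, so TCP and the first server flight got through before the connection was torn down.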


Given the IP is not blocked by Let's Encrypt there must be something else doing that.

I know the traceroute reached the LE API. But, could some other security device be inspecting outgoing requests for specific URLs?

I'm not sure what these might tell us in this case, but can you show the results of the below? I am also curious to see results from Peter's list a few posts back. We really are just trying things hoping to see something unexpected. That might help identify what exactly is blocking your request.

Try using HTTP to that domain but forcing port 443
(update: @jvanasco beat me to this one :slight_smile: - we cross-posted )

curl -vv

and using HTTPS but without the /directory URI

curl -vv

I think we ruled that out earlier when trying their domain in post #5.


It's working now! We did not make any changes and it started working on its own. :no_mouth: