Curl https://acme-v02.api.letsencrypt.org/directory curl: (35) Network file descriptor is not connected

Help
1

hello there~~

Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35 [Wed Jun 16 21:29:14 CST 2021] Could not get nonce, let's try again. [Wed Jun 16 21:29:16 CST 2021] Giving up sending to CA server after 20 retries. [Wed Jun 16 21:29:16 CST 2021] Can not get domain new authz. [Wed Jun 16 21:29:16 CST 2021] Please add '--debug' or '--log' to check more details. [Wed Jun 16 21:29:16 CST 2021] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

i login ssh test ~~

curl https://acme-v02.api.letsencrypt.org/directory
curl: (35) Network file descriptor is not connected


[root@10 ~]#  traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
 1  gateway (103.86.47.1)  8.278 ms  8.350 ms  8.482 ms
 2  10.10.10.5 (10.10.10.5)  0.291 ms  0.294 ms  0.380 ms
 3  192.145.251.68 (192.145.251.68)  4.315 ms  4.290 ms  4.275 ms
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
[root@10 ~]#
1 Like
2

[root@10 ~]# curl -v http://acme-v02.api.letsencrypt.org:443

GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: acme-v02.api.letsencrypt.org:443
Accept: /

  • Recv failure: Connection reset by peer
  • Closing connection 0
    curl: (56) Recv failure: Connection reset by peer
    [root@10 ~]#
3

[root@10 ~]# curl https://google.com

301 Moved

301 Moved

The document has moved here.
4

[root@10 ~]# curl -v http://acme-v02.api.letsencrypt.org

GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: acme-v02.api.letsencrypt.org
Accept: /

  • Recv failure: Connection reset by peer
  • Closing connection 0
    curl: (56) Recv failure: Connection reset by peer
    [root@10 ~]#
5

If the connection just closes immediately, and you can get to other sites, then there's probably a firewall blocking it, either on your end or on Let's Encrypt's. If it's on Let's Encrypt's side, then it's probably due to this sort of blocking:

Have you recently received this IP and is there a chance that it might have been used for "bad things" in the recent past?

6

If it is blocked by cdn's wrong judgment, is there any way to release the blocked ip?
Or there is a block time limit, and then automatically release the blocked ip~
Thank you sooo much~~

7

This is my own dedicated server, dedicated ip, and I haven’t done any "bad things". Suddenly today, I can’t issue any certificates~~

I test, [root@10 ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 gateway (103.86.47.1) 5.144 ms 5.247 ms 5.408 ms
2 10.10.10.5 (10.10.10.5) 3.530 ms 1.222 ms 1.242 ms
3 192.145.251.68 (192.145.251.68) 1.463 ms 1.461 ms 1.431 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
twenty one * * *
twenty two * * *
twenty three * * *
twenty four * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
[root@10 ~]#

8

Can you traceroute other places? That not seeing anything at all after just a few hops seems weird to me.

The curl error, 35, is an SSL connection error. That makes me think that it probably is the DDoS blocking on Let's Encrypt's side.

@lestaff, can you take a look?

@MyraFigueroa, you might need to post your server's IP here for them to look at it.

9

traceroute to letsencrypt.org (178.128.124.245), 30 hops max, 60 byte packets
1 gateway (103.86.47.1) 18.546 ms 18.581 ms 18.720 ms
2 10.10.10.5 (10.10.10.5) 0.219 ms 0.211 ms 0.224 ms
3 v104.core1.sel1.he.net (184.104.210.213) 0.806 ms 0.815 ms 0.870 ms
4 10ge7-12.core1.hkg1.he.net (184.105.81.69) 36.999 ms 36.991 ms 37.084 ms
5 100ge2-1.core1.sin1.he.net (184.105.222.102) 68.930 ms 76.829 ms 76.816 ms
6 digitalocean.sgix.sg (103.16.102.73) 70.800 ms 69.870 ms 70.872 ms
7 138.197.245.15 (138.197.245.15) 71.323 ms 138.197.245.11 (138.197.245.11) 77.053 ms 77.012 ms
8 138.197.251.184 (138.197.251.184) 71.002 ms 138.197.251.36 (138.197.251.36) 69.795 ms 138.197.251.184 (138.197.251.184) 71.040 ms
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
[root@10 ~]#

10

[root@10 ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 gateway (103.86.47.1) 5.411 ms 5.524 ms 5.670 ms
2 10.10.10.5 (10.10.10.5) 2.828 ms 2.879 ms 2.810 ms
3 192.145.251.68 (192.145.251.68) 5.368 ms 5.359 ms 5.387 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
[root@10 ~]# traceroute letsencrypt.org
traceroute to letsencrypt.org (178.128.124.245), 30 hops max, 60 byte packets
1 gateway (103.86.47.1) 18.546 ms 18.581 ms 18.720 ms
2 10.10.10.5 (10.10.10.5) 0.219 ms 0.211 ms 0.224 ms
3 v104.core1.sel1.he.net (184.104.210.213) 0.806 ms 0.815 ms 0.870 ms
4 10ge7-12.core1.hkg1.he.net (184.105.81.69) 36.999 ms 36.991 ms 37.084 ms
5 100ge2-1.core1.sin1.he.net (184.105.222.102) 68.930 ms 76.829 ms 76.816 ms
6 digitalocean.sgix.sg (103.16.102.73) 70.800 ms 69.870 ms 70.872 ms
7 138.197.245.15 (138.197.245.15) 71.323 ms 138.197.245.11 (138.197.245.11) 77.053 ms 77.012 ms
8 138.197.251.184 (138.197.251.184) 71.002 ms 138.197.251.36 (138.197.251.36) 69.795 ms 138.197.251.184 (138.197.251.184) 71.040 ms
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
[root@10 ~]# traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 gateway (103.86.47.1) 4.688 ms 4.776 ms 4.897 ms
2 10.10.10.5 (10.10.10.5) 0.285 ms 0.279 ms 0.266 ms
3 192.145.251.68 (192.145.251.68) 1.410 ms 1.793 ms 1.756 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
[root@10 ~]#

11

[root@10 ~]# curl https://acme-v02.api.letsencrypt.org
curl: (35) Network file descriptor is not connected

[root@10 ~]# curl https://www.letsencrypt.org
Redirecting to https://letsencrypt.org

12

It has returned to normal~It should be a network problem~
thank u so much ~

1 Like
13

It has returned to normal~It should be a network problem~
thank u so much ~

1 Like
14

Can someone unblock our IP? Thanks!

15

Please give the staff some time. It's the middle of the night here. :sleeping:

2 Likes
16

It has returned to normal~It should be a network problem~
thank u so much ~

2 Likes
17

The IP range was not blocked on our side, so it looks like it was indeed some kind of temporary network problem.

4 Likes
18

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.