Error code 3 when issuing certificate

The same command was working a couple of days ago.
It starts returning error code 3 constantly today.

My domain is:

I ran this command:

  1. ./ --issue --dns -d "*" --yes-I-know-dns-manual-mode-enough-go-ahead-please
  2. After created the DNS TXT record
  3. ./ --renew --dns -d "*" --yes-I-know-dns-manual-mode-enough-go-ahead-please

It produced this output:

stderr: |-
[Wed Jul 28 18:18:49 UTC 2021] Please refer to libcurl - Error Codes for error code: 3
[Wed Jul 28 18:18:50 UTC 2021] Sign failed, finalize code is not 200.
[Wed Jul 28 18:18:50 UTC 2021]
[Wed Jul 28 18:18:50 UTC 2021] Please add '--debug' or '--log' to check more details.
[Wed Jul 28 18:18:50 UTC 2021] See: How to debug · acmesh-official/ Wiki · GitHub
[Wed Jul 28 18:18:50 UTC 2021] The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead.
stdout: |-
[Wed Jul 28 18:18:36 UTC 2021] Renew: ''
[Wed Jul 28 18:18:37 UTC 2021] Using CA:
[Wed Jul 28 18:18:37 UTC 2021] Single domain=''
[Wed Jul 28 18:18:37 UTC 2021] Getting domain auth token for each domain
[Wed Jul 28 18:18:37 UTC 2021] Verifying: *
[Wed Jul 28 18:18:38 UTC 2021] Processing, The CA is processing your order, please just wait. (1/30)
[Wed Jul 28 18:18:41 UTC 2021] Success
[Wed Jul 28 18:18:41 UTC 2021] Verify finished, start to sign.
[Wed Jul 28 18:18:41 UTC 2021] Lets finalize the order.
[Wed Jul 28 18:18:41 UTC 2021] Le_OrderFinalize

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Azure

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): v3.0.0

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

Unfortunately, is now owned by ZeroSSL and defaults to acquiring certificates from ZeroSSL:

If you want to acquire Let's Encrypt certificates, I highly recommend using certbot instead.


I wonder why it still shows "Le" there .... ? ? ?
Maybe it's French!


Seems like hasn't made a complete, internal transition yet.

1 Like

If you skim through the source code, it's everywhere. Every single config object has this prefix. Whatever was the original decision for that prefix, today it's technical debt - it's referenced everywhere and can't be changed without rewriting significant parts and breaking compatibility everywhere.

It's only an internal thing though, the features work as intended.

If you want to continue using + Let's Encrypt, this command will suffice: --set-default-ca --server letsencrypt

The documentation promises that user-configured defaults will always be honored. Specifically it says this:


The error is gone with v2.8.8

Thanks everybody.


Just a quick note: note that for support regarding ZeroSSL certificates, this Community is not the appropriate place to ask for it.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.