Error: while accessing https://github.com/letsencrypt/letsencrypt/info/refs


#1

I’m using CentOS 6. I have got something with no error code number like 401, 403 like this. I’ve trying to figure out but still not working. Please Help.

$ sudo git clone https://github.com/letsencrypt/letsencrypt 
Initialized empty Git repository in /opt/letsencrypt/.git/
error:  while accessing https://github.com/letsencrypt/letsencrypt/info/refs

fatal: HTTP request failed

#2

Hi @numthang

This looks like a general internet connectivity problem with your server. Can you verify that the server’s DNS resolution is working correctly and that you are able to access other external websites? Do you have an egress firewall or something that could be blocking outbound connections?

What does running the following commands on the server in question show:

dig google.com
curl -I http://google.com
curl -I https://www.google.com
dig github.com
curl -I https://github.com
traceroute github.com

#3

I’ve got this error only the command. The others were fine.

curl -I https://github.com
curl: (35) SSL connect error

#4

@numthang Can you please share the output from the other commands?

Can you also try running this on your server and sharing the output?

openssl s_client -tls1_2 -connect github.com:443 </dev/null

#5

Sure, but pretty long.

  [tee@numthang opt]$ dig google.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24115
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		300	IN	A	172.217.27.238

;; Query time: 0 msec
;; SERVER: 203.150.213.1#53(203.150.213.1)
;; WHEN: Fri Sep 21 20:06:58 2018
;; MSG SIZE  rcvd: 44

[tee@numthang opt]$ curl -I http://google.com
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Fri, 21 Sep 2018 13:47:12 GMT
Expires: Sun, 21 Oct 2018 13:47:12 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

[tee@numthang opt]$ curl -I https://www.google.com
HTTP/1.1 200 OK
Date: Fri, 21 Sep 2018 13:47:24 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2018-09-21-13; expires=Sun, 21-Oct-2018 13:47:24 GMT; path=/; domain=.google.com
Set-Cookie: NID=139=dld78-YlGuhqEgrnf0M2RayNjS2nfPhQi75udq4Eiz6D8coox6pYoWa5wwxFjLgbccb4joyj4erGTq5TSAezJ9aeEVHIyCTPQce72RS-j_vNs2HfWbVF0v6Sff-8yAun; expires=Sat, 23-Mar-2019 13:47:24 GMT; path=/; domain=.google.com; HttpOnly
Transfer-Encoding: chunked
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Accept-Ranges: none
Vary: Accept-Encoding

[tee@numthang opt]$ dig github.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51001
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;github.com.			IN	A

;; ANSWER SECTION:
github.com.		300	IN	A	192.30.253.112
github.com.		300	IN	A	192.30.253.113

;; Query time: 0 msec
;; SERVER: 203.150.213.1#53(203.150.213.1)
;; WHEN: Fri Sep 21 20:07:38 2018
;; MSG SIZE  rcvd: 60

[tee@numthang opt]$ curl -I https://github.com
curl: (35) SSL connect error
[tee@numthang opt]$ traceroute github.com
traceroute to github.com (192.30.253.112), 30 hops max, 60 byte packets
 1  203-151-27-252.inter.net.th (203.151.27.252)  1.011 ms  1.053 ms  1.091 ms
 2  203-151-2-9.inter.net.th (203.151.2.9)  0.767 ms  0.695 ms 203-151-2-1.inter.net.th (203.151.2.1)  0.674 ms
 3  203-150-215-9.inter.net.th (203.150.215.9)  24.335 ms  24.344 ms ge6-9archer.ifct.inter.net.th (203.150.222.9)  3.071 ms
 4  ten-gi-0-6-0-6.kkm-core-01.net (180.180.249.161)  24.986 ms  25.153 ms  3.321 ms
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
[tee@numthang opt]$ openssl s_client -tls1_2 -connect github.com:443 </dev/null
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
verify return:1
depth=0 businessCategory = Private Organization, 1.3.6.1.4.1.311.60.2.1.3 = US, 1.3.6.1.4.1.311.60.2.1.2 = Delaware, serialNumber = 5157550, C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = github.com
verify return:1
---
Certificate chain
 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=5157550/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=github.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHQjCCBiqgAwIBAgIQCgYwQn9bvO1pVzllk7ZFHzANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE4MDUwODAwMDAwMFoXDTIwMDYwMzEy
MDAwMFowgccxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF
Ewc1MTU3NTUwMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG
A1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHViLCBJbmMuMRMwEQYD
VQQDEwpnaXRodWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
xjyq8jyXDDrBTyitcnB90865tWBzpHSbindG/XqYQkzFMBlXmqkzC+FdTRBYyneZ
w5Pz+XWQvL+74JW6LsWNc2EF0xCEqLOJuC9zjPAqbr7uroNLghGxYf13YdqbG5oj
/4x+ogEG3dF/U5YIwVr658DKyESMV6eoYV9mDVfTuJastkqcwero+5ZAKfYVMLUE
sMwFtoTDJFmVf6JlkOWwsxp1WcQ/MRQK1cyqOoUFUgYylgdh3yeCDPeF22Ax8AlQ
xbcaI+GwfQL1FB7Jy+h+KjME9lE/UpgV6Qt2R1xNSmvFCBWu+NFX6epwFP/JRbkM
fLz0beYFUvmMgLtwVpEPSwIDAQABo4IDeTCCA3UwHwYDVR0jBBgwFoAUPdNQpdag
re7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFMnCU2FmnV+rJfQmzQ84mqhJ6kipMCUG
A1UdEQQeMByCCmdpdGh1Yi5jb22CDnd3dy5naXRodWIuY29tMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0
oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWcy
LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2Vy
dmVyLWcyLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG/WwCATAqMCgGCCsGAQUFBwIB
FhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEF
BQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBS
BggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0
U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAA
MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWY
BPkb37jjd80OyA3cEAAAAWNBYm0KAAAEAwBHMEUCIQDRZp38cTWsWH2GdBpe/uPT
Wnsu/m4BEC2+dIcvSykZYgIgCP5gGv6yzaazxBK2NwGdmmyuEFNSg2pARbMJlUFg
U5UAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWNBYm0tAAAE
AwBHMEUCIQCi7omUvYLm0b2LobtEeRAYnlIo7n6JxbYdrtYdmPUWJQIgVgw1AZ51
vK9ENinBg22FPxb82TvNDO05T17hxXRC2IYAdgC72d+8H4pxtZOUI5eqkntHOFeV
CqtS6BqQlmQ2jh7RhQAAAWNBYm3fAAAEAwBHMEUCIQChzdTKUU2N+XcqcK0OJYrN
8EYynloVxho4yPk6Dq3EPgIgdNH5u8rC3UcslQV4B9o0a0w204omDREGKTVuEpxG
eOQwDQYJKoZIhvcNAQELBQADggEBAHAPWpanWOW/ip2oJ5grAH8mqQfaunuCVE+v
ac+88lkDK/LVdFgl2B6kIHZiYClzKtfczG93hWvKbST4NRNHP9LiaQqdNC17e5vN
HnXVUGw+yxyjMLGqkgepOnZ2Rb14kcTOGp4i5AuJuuaMwXmCo7jUwPwfLe1NUlVB
Kqg6LK0Hcq4K0sZnxE8HFxiZ92WpV2AVWjRMEc/2z2shNoDvxvFUYyY1Oe67xINk
myQKc+ygSBZzyLnXSFVWmHr3u5dcaaQGGAR42v6Ydr4iL38Hd4dOiBma+FXsXBIq
WUjbST4VXmdaol7uzFMojA4zkxQDZAvF5XgJlAFadfySna/teik=
-----END CERTIFICATE-----
subject=/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=5157550/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=github.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3582 bytes and written 373 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 7F35A65D54F44F88D667B3E075021D52FBFC21A502C8A8C24EF136FAE3B50E74
    Session-ID-ctx: 
    Master-Key: F22DE7721C845F614343D48908F9A357E6CA6B22A23D63AE9164DEF7642D4BBA55CFB69AB9F34007C6EB567C5425F711
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1537535306
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
DONE
[tee@numthang opt]$

#6

Thanks @numthang!

Hmmmmm! Very odd! I don’t see anything obvious. The domain is resolved to a correct IP. The certificate presented to openssl s_client is correct.

Is it possible your git versions is old? That’s the only suggestion the Github documentation page on “https cloning errors” that might be relevant here given you’re on a CentOS 6 machine.

What does git --version show?


#7

Package git-1.7.1-9.el6_9.x86_64 already installed and latest version. Please.

git --version
git version 1.7.1

#8

Now, I’m trying to upgrade to very new version of git by https://stackoverflow.com/questions/21820715/how-to-install-latest-version-of-git-on-centos-7-x-6-x

$ git --version
git version 2.18.0

Now, I’ve got another error messages…

$ sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
Cloning into '/opt/letsencrypt'...
fatal: unable to access 'https://github.com/letsencrypt/letsencrypt/': SSL connect error

#9

Oh, Yola. After the latest error. I have followed this https://stackoverflow.com/questions/48938385/github-unable-to-access-ssl-connect-error. Then, It’s work. Now. Thank you so much @cpu.


#10

Excellent! I’ve never seen this particular error case before. We both learned something new :slight_smile: Thanks for sharing the solution you found.

Have a great day @numthang!


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.