Failed reissue on plesk due to Could not obtain directory: cURL error 35: Encountered end of file

My domain is: mail.kapal-laut.com

I ran this command: reissue SSL

It produced this output: Could not issue an SSL/TLS certificate for mail.kapal-laut.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for mail.kapal-laut.com.
Details
Could not obtain directory: cURL error 35: Encountered end of file (see libcurl - Error Codes) for https://acme-v02.api.letsencrypt.org/directory

My web server is (include version): apache nginx

The operating system my web server runs on is (include version): CentOS Linux 7.9.2009 (Core)

My hosting provider, if applicable, is: exabytes

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian 18.0.6

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): unknown

Hi all, I need help. I am trying to reissue a Let's Encrypt SSL cert as usual via the Plesk dashboard.
I have also already applied the new code/cert in Cloudflare.

Then this error appeared (usually there is no error like this, just the normal reissue SSL process).

The error says:
Could not issue an SSL/TLS certificate for mail.kapal-laut.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for mail.kapal-laut.com.
Details
Could not obtain directory: cURL error 35: Encountered end of file (see libcurl - Error Codes) for https://acme-v02.api.letsencrypt.org/directory

I read somewhere that this issue is probably caused by the server IP being blocked by Let's Encrypt.

Please help.

Several users have complained of this in the last hour. I am investigating now. Follow https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/668c963eafdb5f174f9f2443 for status updates.

Can you provide any more information on the periods of time when you started encountering these errors, and what IP address you used to connect?

3 Likes

It happened around 08.30 AM Indonesia time (GMT +08.00).

Our IP is 202.157.184.151

1 Like

The same is being observed here. Plesk 18.0.61 #6, domain certs can generally be issued and renewed, but we are seeing a small number of domains where all of a sudden the same error message appears on renewal or issue attempts. I've already tried to reconfigure the domain configuration files, remove the existing certificate including removing it from the SSL directory and SQLite database (notifications ...), checked the syntax and logic of the webserver config files manually, checked accessibility of the local directories such as the acme-challenge directory, and verified that Let's Encrypt's acme-v02.api.letsencrypt.org can be reached and responds with expected data. All checks out good, so it is quite unlikely that it is a local server related issue.

We got the first user complaint on July 9, 8:14 am CEST.

We are seeing the same issue on Plesk Obsidian Web Host Edition Version 18.0.59 #2

"Could not obtain directory: cURL error 35: error:0A000126:SSL routines::unexpected eof while reading (see libcurl - Error Codes) for https://acme-v02.api.letsencrypt.org/directory"

I have had the issue as well since last night, as my Hetzner Ansible installer fails to get an LE certificate.

Made multiple attempts at checking its cause and got these reports:
This server has connectivity issues:
172.68.8.53 58.0%

curl -k https://acme-v02.api.letsencrypt.org/directory
curl: (35) error:0A000126:SSL routines::unexpected eof while reading

mtr -r -c 200 --report-wide acme-v02.api.letsencrypt.org | tee client_to_server_mtr_log.txt
Start: 2024-07-09T11:47:25+0200
HOST: vmlx02                        Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- fw.#######                0.0%   200    0.4   0.3   0.1   0.4   0.1
  2.|-- 100.80.119.1                   0.0%   200    1.4   2.3   0.6  48.9   4.8
  3.|-- core32.hel1.hetzner.com        0.0%   200    1.0   0.8   0.6   1.4   0.1
  4.|-- juniper4.dc1.hel1.hetzner.com  0.0%   200    1.1   1.5   0.7  36.5   3.7
  5.|-- cloudflare.msk.piter-ix.net    0.0%   200   29.3  19.6  16.7  72.5   7.0
  6.|-- 172.68.8.53                   58.0%   200   17.1  20.4  16.1  70.8   9.4
  7.|-- 172.65.32.248                  0.0%   200   16.2  16.2  15.9  16.6   0.1

I actually saw something similar with Cloudflare very recently where the endpoints answering apparently hadn't been provisioned with the required certificates (ironically).

Where it could possibly get worse is if Cloudflare's provisioners are trying to use Let's Encrypt to issue a certificate for Let's Encrypt.

2 Likes

Indeed, I also had the impression it's something at Cloudflare.
I tried to reverse DNS the 172.68.8.53 but couldn't find anything.

I eventually added a retry mechanism and now Ansible successfully got the LE cert.
This might be a good workaround as the connection is just intermittent; sometimes, out of 5 times, it only fails once.

1 Like
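A sketch of the retry workaround described in the post above, as an added example (not the poster's Ansible code): it retries only transport-level failures such as the TLS EOF, keeps certificate verification on, and fails immediately on a verification error or a malformed directory. The function names, delays and the simulated `make_flaky_fetch` are assumptions made for this illustration.

```python
import json
import ssl
import time
import urllib.error
import urllib.request

ACME_DIRECTORY = "https://acme-v02.api.letsencrypt.org/directory"
REQUIRED_KEYS = {"newNonce", "newAccount", "newOrder"}  # RFC 8555 directory fields
TRANSIENT = (ssl.SSLError, ConnectionError, TimeoutError, urllib.error.URLError)

def fetch_directory(url=ACME_DIRECTORY, timeout=10):
    """Fetch the ACME directory with certificate verification left on."""
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return json.load(resp)

def get_directory(fetch=fetch_directory, attempts=5, base_delay=2.0, sleep=time.sleep):
    """Retry transient failures with exponential backoff.

    Returns (directory, errors); errors records each failed attempt so the
    failure rate stays visible in logs instead of being hidden by the retry.
    """
    errors = []
    for attempt in range(1, attempts + 1):
        try:
            directory = fetch()
        except TRANSIENT as exc:
            # urllib wraps handshake errors in URLError; look at the cause.
            reason = getattr(exc, "reason", exc)
            if isinstance(reason, ssl.SSLCertVerificationError):
                raise  # an untrusted certificate is not transient: never retry past it
            errors.append(f"attempt {attempt}: {type(reason).__name__}: {reason}")
            if attempt == attempts:
                raise RuntimeError("ACME directory unreachable: " + "; ".join(errors)) from exc
            sleep(base_delay * 2 ** (attempt - 1))
            continue
        missing = REQUIRED_KEYS - directory.keys()
        if missing:  # wrong body (e.g. an intercepting proxy page): do not retry
            raise ValueError(f"unexpected directory document, missing {sorted(missing)}")
        return directory, errors

def make_flaky_fetch(failures):
    """Constructed stand-in for the network: fail `failures` times, then succeed."""
    state = {"left": failures}
    def fetch():
        if state["left"] > 0:
            state["left"] -= 1
            raise ssl.SSLEOFError(8, "EOF occurred in violation of protocol")
        base = "https://acme.example.invalid/"  # constructed sample URLs
        return {k: base + k for k in REQUIRED_KEYS}
    return fetch
```

Because the failure happens during the TLS handshake, disabling verification does not help; the retry is what masks the intermittent loss, and the returned `errors` list shows how often it was needed.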

We've had some reports of network trouble from some users reaching Let's Encrypt. We saw a small dip in traffic, but it has since recovered.

Can you let us know if you're still seeing this problem after about 14:20 UTC, about 1 hour ago?

3 Likes

We still have the issue right now.
None of the new certs or renewals can be installed. Same error as the author posted.
We are using Plesk Obsidian 18.0.61 and Cloudflare.

1 Like

Can you share the location or IP address you're seeing this error from?

2 Likes

I am from New Zealand; a few other members in the community from NZ are having the same issue right now.

See other post: Cannot reach API endpoint from New Zealand

2 Likes

Thanks, that's what I wanted to confirm

3 Likes
