Thank you, Jacob.
That’s exactly what happened - I added the “TCP Delta” column (should have done this from the very beginning) and it tells the whole story:
I was mislead initially because I saw the LE GET request and the web server response. It’s true that the server responded correctly but the key here is when:
- The RTT (Round Trip Time) is decent, 42 ms - packets #52-54
- LE sends instantly the GET request - #55
- The web server acknowledges quickly the request, 14ms - #56
- LE waits 5 sec (4.95) and sends FIN, ACK (connection close) - #57
- The Web servers ACKs the connection close LE request - #58
- And 8 sec (7.84) after acknowledging the FIN,ACK, the web server sends the challenge response - #69 (it’s not uncommon to see one of the parties continue sending data after acknowledging a FIN, ACK).
- LE ACKs the challenge response - #71 that’s perfectly fine (and the reason for my confusion)
The conversation above is stream #2 in http01-invalid.pcapng from the zip file above. The bottom line is the issue is due to the delayed server response - exactly what Jacob saw in the logs. It’s clear that LE has a timeout of 5 seconds, which is perfectly reasonable.
I really appreciate your quick response guys. You rock!!!
I’ll replace some network equipment and try again.
Regards,
Dean