Hello!
An error is periodically issued when connecting to acme-v02.api.letsencrypt.org:
$ echo "" | openssl s_client -connect acme-v02.api.letsencrypt.org:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 320 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
This error occurs intermittently. openssl is used by the latest version.
The problem is observed from under the network of the hosting provider Beget and Timeweb. The problem is not observed when connecting from Holland and Digital Ocean servers.
Traces from hosts with problem:
Host 1
# traceroute -T acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 host-109-234-35-2.hosted-by-vdsina.ru (109.234.35.2) 2.202 ms 2.416 ms 2.651 ms
2 185.8.177.112 (185.8.177.112) 1.216 ms 1.221 ms 1.409 ms
3 185.8.179.35 (185.8.179.35) 1.240 ms 1.373 ms 1.486 ms
4 speed-ix.cloudflare.com (185.1.95.191) 3.353 ms 3.900 ms 3.871 ms
5 172.65.32.248 (172.65.32.248) 3.453 ms 3.539 ms 3.524 ms
Host 2
$ sudo traceroute -T acme-v02.api.letsencrypt.org
[sudo] пароль для slava:
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 _gateway (10.101.8.1) 0.214 ms 0.125 ms 0.115 ms
2 10.6.0.35 (10.6.0.35) 2.432 ms 2.422 ms 1.799 ms
3 ae0-3002.rt1.spb.cloud-ix.net (31.28.18.100) 0.623 ms 0.638 ms 0.604 ms
4 spx-ix.as13335.net (194.226.100.129) 1.546 ms 1.545 ms 1.498 ms
5 172.65.32.248 (172.65.32.248) 0.557 ms 0.692 ms 0.656 ms
Host 3:
# traceroute -T acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 rt01.beget.ru (5.101.152.1) 0.405 ms 0.544 ms 4.533 ms
2 ae0-3002.rt1.spb.cloud-ix.net (31.28.18.100) 1.128 ms 1.138 ms 1.144 ms
3 spx-ix.as13335.net (194.226.100.129) 1.011 ms 1.400 ms 1.398 ms
4 172.65.32.248 (172.65.32.248) 0.432 ms 0.470 ms 0.430 ms
# ping acme-v02.api.letsencrypt.org
--- acme-v02.api.letsencrypt.org ping statistics ---
45 packets transmitted, 45 packets received, 0% packet loss
round-trip min/avg/max = 0.459/1.044/6.411 ms
Host 4:
# traceroute acme-v02.api.letsencrypt.org
traceroute to ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248), 64 hops max
1 5.23.48.1 6.299ms 4.931ms 9.367ms
2 194.226.100.129 1.145ms 1.509ms 1.045ms
3 * * *
. . .
# ping -f acme-v02.api.letsencrypt.org
PING ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com (172.65.32.248) 56(84) bytes of data.
.^C
--- ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com ping statistics ---
7157 packets transmitted, 7156 received, 0% packet loss, time 3101ms
rtt min/avg/max/mdev = 0.321/0.404/54.320/0.654 ms, pipe 99, ipg/ewma 0.433/0.382 ms
Host trace where no problem is observed:
$ sudo traceroute -T acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 0.287 ms 0.371 ms 0.459 ms
2 * * *
3 ip92-101-242-1.onego.ru (92.101.242.1) 5.491 ms 5.523 ms 9.243 ms
4 212.48.194.52 (212.48.194.52) 9.832 ms 9.925 ms 9.938 ms
5 188.254.2.2 (188.254.2.2) 20.419 ms 188.254.2.0 (188.254.2.0) 13.016 ms 12.909 ms
6 217.107.73.182 (217.107.73.182) 17.085 ms 15.021 ms 14.771 ms
7 172.65.32.248 (172.65.32.248) 7.628 ms 8.591 ms 4.197 ms
Could there be a problem with access from the territory of Russia?
What could be the problem and how can it be solved? If you need more information - ask, we will provide.