Lets encrypt internal server error

Help
#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: accumbo.se

I ran this command: I have no idea, generated a cert via laravel forge

It produced this output:

--2020-12-22 07:41:48--  https://forge-certificates.laravel.com/le/978455/536249?env=production
Resolving forge-certificates.laravel.com (forge-certificates.laravel.com)... 104.26.13.100, 104.26.12.100, 172.67.71.125, ...
Connecting to forge-certificates.laravel.com (forge-certificates.laravel.com)|104.26.13.100|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘letsencrypt_script1608622908’

     0K ...                                                    30.6M=0s

2020-12-22 07:41:49 (30.6 MB/s) - ‘letsencrypt_script1608622908’ saved [3121]

Cloning into 'letsencrypt1608622909'...
Note: checking out '082da2527cb4aaa3a4740ba03e550205b076f822'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b <new-branch-name>

ERROR: Problem connecting to server (post for https://acme-v02.api.letsencrypt.org/acme/new-acct; curl returned with 35)

My web server is (include version): What is this if not OS? Ubuntu 16.04 LTS 64-bit

The operating system my web server runs on is (include version):
Ubuntu 16.04 LTS 64-bit

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Laravel Forge

#2

What happens if you run:

curl -i https://acme-v02.api.letsencrypt.org/directory
#3 
Server: nginx
Date: Tue, 22 Dec 2020 08:03:52 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "XDshCkrW6ds": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"```
#4

I forgot to say that I get the same error on all out servers in laravel forge. I've never seen this before. And forge says:

1 solution found:
1. LetsEncrypt is experiencing internal server errors.
Please wait a few minutes before issuing a new LetsEncrypt certificate.

#5

I don't think Let's Encrypt is experiencing an outage, for what it's worth.

That error you're getting:

corresponds to:

CURLE_SSL_CONNECT_ERROR (35)
A problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others.

If this was a widespread problem, then the curl command you ran above would not have succeeded.

It's hard to know exactly what is going wrong because I can't find a copy of the script that Laravel Forge is running to see what it is doing that might produce such an error.

Asking the Laravel developers might be the best place to find help.

#6

Ah, I have discovered that it uses dehydrated.

Are all of your Laravel Forge servers hosted with GleSYS?

Do either of these produce errors (you will have to wait a while for them to complete):

for i in `seq 1 10`; do curl -4 https://acme-v02.api.letsencrypt.org/acme/new-nonce && sleep 1 ; done
for i in `seq 1 10`; do curl -6 https://acme-v02.api.letsencrypt.org/acme/new-nonce && sleep 1 ; done
#7

Hm.. alright! Yes all our servers are hosted at Glesys.

I can try the code you sent.

#8

for i in seq 1 10; do curl -4 https://acme-v02.api.letsencrypt.org/acme/new-nonce && sleep 1 ; done
for i in seq 1 10; do curl -6 https://acme-v02.api.letsencrypt.org/acme/new-nonce && sleep 1 ; done

These didn't return anything in my terminal.

#9

That's good news, but it also means I'm not sure what would be causing dehydrated to encounter that error code 35. Sorry :frowning: .

It has the appearance of a networking error, but without a way to reproduce it, it's hard to say what is happening.

#10

It seems to be working now, after 12 hours of "downtime"... :slight_smile: