If your ACME client has recently had trouble connecting to acme-v02.api.letsencrypt.org, I'd like to know more here, in particular if you are using Windows, but also in general.
I develop https://certifytheweb.com and I've recently started to see slightly elevated instances of people saying they can't connect to Let's Encrypt to complete orders. We recently updated how we enable TLS 1.3 in that app and that's one thing I will investigate, but I'm also interested in hearing if anyone is seeing:
- elevated HTTP 50x status codes (service unavailable or internal server errors), if so with which ACME client and when.
- general connection errors (TLS connection cannot be established etc., untrusted or invalid certificates)
I'm trying to narrow down if there is a particular version of Windows Server affected, or a particular configuration that causes problems, including:
- group policy blocking CA root updates
- firewalls blocking CRL checks
- particular security software in place causing issues
- inadequate TLS cipher suite configuration
- TLS 1.3 being enabled but failing to connect
Simple tests:
- Windows (PowerShell):
Invoke-WebRequest -URI https://acme-v02.api.letsencrypt.org/directory
- Systems with curl:
curl -v https://acme-v02.api.letsencrypt.org/directory
These problems are often temporary and are at least solved by system updates, but I'd be interested in seeing if any persist beyond that.
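
The checks listed in the post, combined into one PowerShell script as an added example (not part of the original post and not Certify The Web code). `Test-TlsHandshake` is a hypothetical helper name, and the script assumes outbound access to port 443 and that 3072 and 12288 are the `SslProtocols` values for TLS 1.2 and TLS 1.3.

```powershell
# Added diagnostic example. Test-TlsHandshake is a hypothetical helper name.
$Target = 'acme-v02.api.letsencrypt.org'

function Test-TlsHandshake {
    param(
        [string]$HostName,
        [string]$Label,
        [int]$ProtocolValue,      # SslProtocols value: 3072 = Tls12, 12288 = Tls13
        [bool]$CheckRevocation
    )
    $row = [ordered]@{ Protocol = $Label; Revocation = $CheckRevocation
                       Ok = $false; Negotiated = $null; Issuer = $null; Error = $null }
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, 443)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        # Cast from the number so the script also loads where the Tls13 name is undefined.
        $protocols = [System.Security.Authentication.SslProtocols]$ProtocolValue
        # No validation callback: the OS trust store decides whether the chain is trusted.
        $ssl.AuthenticateAsClient($HostName, $null, $protocols, $CheckRevocation)
        $row.Ok = $true
        $row.Negotiated = "$($ssl.SslProtocol)"
        $row.Issuer = $ssl.RemoteCertificate.Issuer
    } catch {
        # Innermost exception usually names the real cause (protocol, trust, revocation).
        $row.Error = $_.Exception.GetBaseException().Message
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
    [pscustomobject]$row
}

$tests = @(
    @{ Label = 'TLS 1.2'; ProtocolValue = 3072;  CheckRevocation = $false },
    @{ Label = 'TLS 1.2'; ProtocolValue = 3072;  CheckRevocation = $true  },
    @{ Label = 'TLS 1.3'; ProtocolValue = 12288; CheckRevocation = $false }
)
$tests | ForEach-Object { $t = $_; Test-TlsHandshake -HostName $Target @t } | Format-List

# HTTP layer: separate a 50x answer from the server from a failure to connect at all.
try {
    $r = Invoke-WebRequest -Uri "https://$Target/directory" -UseBasicParsing
    "HTTP status: $([int]$r.StatusCode)"
} catch {
    $resp = $_.Exception.Response
    if ($resp) { "HTTP status: $([int]$resp.StatusCode)" }
    else { "No HTTP response: $($_.Exception.GetBaseException().Message)" }
}
```

A TLS 1.2 row that succeeds without revocation checking but fails with it points toward the blocked CRL check case, and a failing TLS 1.3 row beside working TLS 1.2 rows points toward the TLS 1.3 case. Including the three rows and the HTTP line in a report, along with the Windows Server version, covers most of what the post asks for.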