Not able to access acme-v02.api.letsencrypt.org

having some issue when connecting to acme-v02.api.letsencrypt.org. The following is the error from running “curl -v https://acme-v02.api.letsencrypt.org”

* About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)

* Trying 172.65.32.248...

* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

* CAfile: /etc/pki/tls/certs/ca-bundle.crt

CApath: none

* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)

* SSL received a record that exceeded the maximum permissible length.

* Closing connection 0

curl: (35) SSL received a record that exceeded the maximum permissible length.

Hi @kxt5258

are you sure you have used the correct command?

That error

happens, if you connect a https port via http.

curl -v http://acme-v02.api.letsencrypt.org:443

produces that error.

Yes, the command is correct. When I get a new certificate, I got the following error:

Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

An unexpected error occurred:

SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:618)

Then your local installation is too old.

Please answer all of the following questions:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

And check other domains like https://www.google.com/ with curl.

My domain is: cloud.erp.bt

I ran this command:
sudo certbot certonly --apache

It produced this output:
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

An unexpected error occurred:

SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:618)

My web server is (include version): Apache/2.4.6

The operating system my web server runs on is (include version): CentOS Linux release 7.7.1908

My hosting provider, if applicable, is: Local

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.39.0

I am also able to access other https sites like google.com without any issue

With curl? From that server you run Certbot?

You have the correct ip, that's not the problem.

Checking your domain there are older, expired certificates - https://check-your-website.server-daten.de/?q=cloud.erp.bt#ct-logs

Or do you have multiple curl - instances, so the wrong version is used?

Your configuration is buggy - http over port 443.

Ah, that may be the problem. It's not the problem connecting Letsencrypt, it's the problem, that your own configuration sends http over port 443.

Or not? Http isn't redirected to https:

So the Q-Grade isn't visible.

Or do you have a wrong port forwarding intern - extern?

Oh - your server sends a buggy answer.

D:\temp>download  http://cloud.erp.bt/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de -h
SystemDefault
Error (1): Der Server hat eine Protokollverletzung ausgeführt.. Section=ResponseStatusLine
ServerProtocolViolation
3

Perhaps really a wrong port forwarding.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.