Not able to access acme-v02.api.letsencrypt.org

I'm having some issues when connecting to acme-v02.api.letsencrypt.org. The following is the error from running “curl -v https://acme-v02.api.letsencrypt.org”:

* About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
* Trying 172.65.32.248...
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.

Hi @kxt5258

are you sure you have used the correct command?

That error happens if you connect to an https port via http.

curl -v http://acme-v02.api.letsencrypt.org:443

produces that error.

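As an added illustration (not part of the thread), a small Python probe for the diagnosis given above: it shows why a plaintext HTTP status line read as a TLS record header trips SSL_ERROR_RX_RECORD_TOO_LONG, and it classifies what a port actually speaks by first attempting a TLS handshake and, only if that fails, asking the port in plain HTTP. The 302-serving local HTTPServer is a constructed stand-in for a server that answers plain HTTP on its TLS port; no real host is contacted.

```python
import socket, ssl, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TLS_MAX_RECORD = 16384 + 2048  # NSS limit on a TLS 1.2 ciphertext record (fragment + expansion)

def classify_record_header(first_bytes: bytes) -> dict:
    """Interpret the first 5 bytes a TLS client reads as a TLS record header.
    b"HTTP/1.1 302 Found" = type 'H', version 'TT', length 'P/' = 0x502F = 20527 > limit."""
    if len(first_bytes) < 5:
        return {"kind": "no-data", "length": None, "too_long": False}
    rtype, major, _minor, len_hi, len_lo = first_bytes[:5]
    length = (len_hi << 8) | len_lo
    kind = "unknown"
    if first_bytes.startswith(b"HTTP/"):
        kind = "plaintext-http"  # the misconfiguration discussed in the thread
    elif rtype in (0x15, 0x16) and major == 0x03:
        kind = "tls"             # a TLS alert or handshake record
    return {"kind": kind, "length": length, "too_long": length > TLS_MAX_RECORD}

def probe_tls_port(host: str, port: int, timeout: float = 3.0) -> str:
    """'tls' if a handshake succeeds; else talk plain HTTP and classify the reply."""
    ctx = ssl.create_default_context()
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # only asking "is it TLS?"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, \
                ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except (ssl.SSLError, OSError):  # no TLS: see what the port really answers with
        buf = b""
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            while len(buf) < 5 and (chunk := s.recv(5 - len(buf))):
                buf += chunk
        return classify_record_header(buf)["kind"]

class _PlainHttpOnTlsPort(BaseHTTPRequestHandler):
    """Constructed stand-in for the thread's server: plain HTTP (302) on the TLS port."""
    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", "http://example.invalid/index.php/login")
        self.end_headers()
    def log_message(self, *_): pass  # keep the demo quiet

def start_plaintext_server() -> HTTPServer:
    srv = HTTPServer(("127.0.0.1", 0), _PlainHttpOnTlsPort)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv
```

Run probe_tls_port("127.0.0.1", start_plaintext_server().server_port) to see "plaintext-http"; against a correctly configured TLS port the handshake succeeds and it returns "tls".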

Yes, the command is correct. When I try to get a new certificate, I get the following error:

Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
An unexpected error occurred:
SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:618)

Then your local installation is too old.

Please answer all of the following questions:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


And check other domains like https://www.google.com/ with curl.

My domain is: cloud.erp.bt

I ran this command:
sudo certbot certonly --apache

It produced this output:
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
An unexpected error occurred:
SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:618)

My web server is (include version): Apache/2.4.6

The operating system my web server runs on is (include version): CentOS Linux release 7.7.1908

My hosting provider, if applicable, is: Local

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.39.0

I am also able to access other https sites like google.com without any issue.

With curl? From that server you run Certbot?

You have the correct ip, that’s not the problem.

Checking your domain there are older, expired certificates - https://check-your-website.server-daten.de/?q=cloud.erp.bt#ct-logs

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-07-31 2019-10-29 cloud.erp.bt (1 entries)
Let’s Encrypt Authority X3 2019-05-03 2019-08-01 cloud.erp.bt (1 entries)
Let’s Encrypt Authority X3 2019-02-04 2019-05-05 cloud.erp.bt (1 entries)

Or do you have multiple curl instances, so the wrong version is used?

Your configuration is buggy - http over port 443.

Ah, that may be the problem. It’s not a problem connecting to Let's Encrypt; the problem is that your own configuration sends http over port 443.

Or not? Http isn’t redirected to https:

Domainname Http-Status redirect Sec. G
http://cloud.erp.bt/ 45.64.248.133 403 Forbidden (Html is minified: 144,28 %) 0.407 M
http://cloud.erp.bt/index.php/login 404 Not Found (Html is minified: 100,00 %) 0.703 M
https://cloud.erp.bt/ 45.64.248.133 -4 SendFailure - The underlying connection was closed: An unexpected error occurred on a send. 0.733 W
http://cloud.erp.bt:443/ 45.64.248.133 302 -> http://cloud.erp.bt/index.php/login 1.156 Q
Visible Content:
http://cloud.erp.bt/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 45.64.248.133 404 Not Found (Inline-JavaScript (∑/total): 0/0, Inline-CSS (∑/total): 0/0, Html is minified: 100,00 %) 0.373 A
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server.

So the Q-Grade isn’t visible.

Or do you have a wrong port forwarding, internal - external?

Oh - your server sends a buggy answer.

D:\temp>download  http://cloud.erp.bt/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de -h
SystemDefault
Error (1): Der Server hat eine Protokollverletzung ausgeführt.. Section=ResponseStatusLine
ServerProtocolViolation
3

Perhaps really a wrong port forwarding.
