Plesk and could not issue a Let’s Encrypt SSL/TLS due cURL error 56

avklinken · March 21, 2022, 10:21am

Hi I tried to reissue a certificate in plesk and it just errors out with a curl error.
It might be our IP is on your blocklist for some reason?

The ip is: 145.131.3.230

Edit: sorry its Curl error 56

9peppe · March 21, 2022, 10:53am

https://curl.se/libcurl/c/libcurl-errors.html

CURLE_SSL_CONNECT_ERROR (35)

A problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others.

Does your server have ISRG Root X1 in its keystore? Certificate Compatibility - Let's Encrypt

Try running
openssl s_client -quiet -verify 10 -connect acme-v02.api.letsencrypt.org:443

9peppe · March 21, 2022, 10:58am

CURLE_RECV_ERROR (56)

Failure with receiving network data.

Uhm.

avklinken · March 21, 2022, 10:59am

Thanks. I have made a mistake on the error code.
The openssl command returns this:
openssl s_client -quiet -verify 10 -connect acme-v02.api.letsencrypt.org:443

depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1

verify return:1

depth=1 C = US, O = Let's Encrypt, CN = R3

verify return:1

depth=0 CN = acme-v02.api.letsencrypt.org

verify return:1

9peppe · March 21, 2022, 11:00am

So the certificate is fine and you can connect to the ACME endpoint.

Now try:

curl -iL https://acme-v02.api.letsencrypt.org/directory

avklinken · March 21, 2022, 11:07am

That returns this:

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 21 Mar 2022 11:07:21 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"A6kIuX1nBIo": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"

9peppe · March 21, 2022, 11:12am

So the problem is not with your server, nor your network, nor Let's Encrypt: plesk is messing up or something else (a firewall?) is interfering with it.

And I don't know plesk. Sorry. I hope somebody else here knows more.

system · April 20, 2022, 11:12am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.