Random max retries errors caused by SSLV3_ALERT_BAD_RECORD_MAC

Can you attach the dump here? It seems like you only posted the filesizes and filenames, not the actual file.

2 Likes

Capturing "certbot renew --dry-run" with:
tcpdump host acme-staging-v02.api.letsencrypt.org -vvv -w dump2.pcap

After seeing the error I interrupted certbot.
All packets were captured, nothing dropped.
dump2.pcap (321.1 KB)

1 Like

I ran the following script 3 times on different days.

#!/bin/sh
for i in $(seq 1 50)
do
  certbot renew --cert-name carvaka.de --dry-run
  sleep 180
done

Result: In two script runs there were 3 and in one there were 5 of the above-described errors.

The actual certificate renewals work perfectly. The renewal by the systemd timer always happens immediately if the certificate is only valid for 29 days.