Read: connection reset by peer

We are using the cert-manager for issuing the Let's Encrypt certs using the HTTP01 challenge.

We see connection reset by peer errors. Any pointers on what could be wrong?


Name: letsencrypt
Namespace:
Labels: by-squad=mmm
for-product=mmm
Annotations:
API Version: cert-manager.io/v1
Kind: ClusterIssuer
Metadata:
Creation Timestamp: 2025-07-23T07:37:54Z
Generation: 1
Managed Fields:
API Version: cert-manager.io/v1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:labels:
f:by-squad:
f:for-product:
f:spec:
f:acme:
f:email:
f:privateKeySecretRef:
f:name:
f:server:
f:solvers:
Manager: certmanager-addon
Operation: Apply
Time: 2025-07-23T07:37:54Z
API Version: cert-manager.io/v1
Fields Type: FieldsV1
fieldsV1:
f:status:
.:
f:acme:
.:
f:lastPrivateKeyHash:
f:lastRegisteredEmail:
f:conditions:
.:
k:{"type":"Ready"}:
.:
f:lastTransitionTime:
f:message:
f:observedGeneration:
f:reason:
f:status:
f:type:
Manager: cert-manager-clusterissuers
Operation: Update
Subresource: status
Time: 2025-07-23T08:54:54Z
Resource Version: 37907754
UID: cbde48d3-40f6-43f4-a313-9af0543a53cd
Spec:
Acme:
Email: <>
Private Key Secret Ref:
Name: acme-cluster-issuer-account-key
Server: https://acme-v02.api.letsencrypt.org/directory
Solvers:
http01:
Ingress:
Class: openshift-default
Ingress Template:
Metadata:
Labels:
Scope: public
Type: private
Status:
Acme:
Last Private Key Hash: IwkASMHxZe6AICM4LA1yTfyJ+l1xLluA98iYZez553M=
Last Registered Email: <>
Conditions:
Last Transition Time: 2025-07-23T08:30:52Z
Message: The ACME account was registered with the ACME server
Observed Generation: 1
Reason: ACMEAccountRegistered
Status: True
Type: Ready
Events:
Type Reason Age From Message


Warning ErrInitIssuer 72m cert-manager-clusterissuers Error initializing issuer: Get "https://acme-v02.api.letsencrypt.org/directory": read tcp 172.21.20.17:56678->172.65.32.248:443: read: connection reset by peer
Warning ErrInitIssuer 53m cert-manager-clusterissuers Error initializing issuer: Post "https://acme-v02.api.letsencrypt.org/acme/new-acct": read tcp 172.21.22.10:41948->172.65.32.248:443: read: connection reset by peer
Warning ErrInitIssuer 37m cert-manager-clusterissuers Error initializing issuer: Get "https://acme-v02.api.letsencrypt.org/directory": write tcp 172.21.22.10:50096->172.65.32.248:443: write: connection reset by peer
Warning ErrInitIssuer 24m cert-manager-clusterissuers Error initializing issuer: Post "https://acme-v02.api.letsencrypt.org/acme/new-acct": read tcp 172.21.22.10:43054->172.65.32.248:443: read: connection reset by peer

domain: 20250722-0420-5083-83d1-e79357dfd5b1.8b5b3a02-9de5-4e85-9378-5c1c433024f0.watsonxdata.prep.ibmforusgov.com

Does cert-manager definitely have an outgoing https connection that works? It seems to just not be able to connect to the API, which probably means it can't connect to anything (for IPv4 at least).
