Hello all, first of all thank you for the years of service you've provided for us.
My problem is with a new VPS we just hired. It started with renewals which didn't happen automatically. After a bit of research, not only does the auto renewal fail, but doing a curl command to https://acme-v02.api.letsencrypt.org/directory fails on average 1 in 3 times. The output of the failed command is pasted below.
I've also tried it with http1.1 and tls-max 1.2 and 1.1. Same result: Once in a while the request fails with the same error (104).
Could it be we are blocked? Our IP is: 145.131.5.16
Any help is much appreciated, thanks!
My domain is:
not applicable
I ran this command:
`curl -vvv https://acme-v02.api.letsencrypt.org/directory`
It produced this output:
```
Trying 172.65.32.248...
* TCP_NODELAY set
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=acme-v02.api.letsencrypt.org
* start date: Oct 31 22:31:13 2022 GMT
* expire date: Jan 29 22:31:12 2023 GMT
* subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* Using Stream ID: 1 (easy handle 0x55e47127e5c0)
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> GET /directory HTTP/2
> Host: acme-v02.api.letsencrypt.org
> User-Agent: curl/7.61.1
> Accept: */*
>
* OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104
* Failed receiving HTTP2 data
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* SSL_write() returned SYSCALL, errno = 32
* Failed sending HTTP2 data
* Connection #0 to host acme-v02.api.letsencrypt.org left intact
curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104
```
My web server is (include version):
not applicable
The operating system my web server runs on is (include version):
AlmaLinux release 8.6 (Sky Tiger)
My hosting provider, if applicable, is:
Argeweb (Yourhosting)
I can login to a root shell on my machine (yes or no, or I don't know):
Yes, sure.
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
We are using DirectAdmin, but I don't think it's applicable for this question.
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):
We are using the DA built-in client, but the version of DA is 1.645.