Following this thread, all the commands asked for have been run fine from my server.
As for talking to Let's Encrypt, I can show you this:
curl -v https://acme-v01.api.letsencrypt.org/directory
* Trying 2a02:26f0:3000:299::3a8e...
* TCP_NODELAY set
* Connected to acme-v01.api.letsencrypt.org (2a02:26f0:3000:299::3a8e) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=acme-v02.api.letsencrypt.org
* start date: Jul 19 04:46:54 2019 GMT
* expire date: Oct 17 04:46:54 2019 GMT
* subjectAltName: host "acme-v01.api.letsencrypt.org" matched cert's "acme-v01.api.letsencrypt.org"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
> GET /directory HTTP/1.1
> Host: acme-v01.api.letsencrypt.org
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Content-Type: application/json
< Content-Length: 658
< Replay-Nonce: qFSKcE5i9zpYCN5VblT9QplSuQfnmdO_Ur-OyF3Io6M
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=604800
< Expires: Sun, 18 Aug 2019 10:41:08 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Sun, 18 Aug 2019 10:41:08 GMT
< Connection: keep-alive
<
{
"SXCGa2XAw_o": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
* Connection #0 to host acme-v01.api.letsencrypt.org left intact
}#
Or this:
head -c 50 /dev/urandom | base64 | curl -v -d @- -X POST -i -m 10 -H 'Expect:' https://acme-v02.api.letsencrypt.org/acme/new-acct
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 2a02:26f0:3000:299::3a8e...
* TCP_NODELAY set
* Connected to acme-v02.api.letsencrypt.org (2a02:26f0:3000:299::3a8e) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=acme-v02.api.letsencrypt.org
* start date: Jul 19 04:46:54 2019 GMT
* expire date: Oct 17 04:46:54 2019 GMT
* subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
> POST /acme/new-acct HTTP/1.1
> Host: acme-v02.api.letsencrypt.org
> User-Agent: curl/7.61.1
> Accept: */*
> Content-Length: 68
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 68 out of 68 bytes
< HTTP/1.1 415 Unsupported Media Type
HTTP/1.1 415 Unsupported Media Type
< Server: nginx
Server: nginx
< Content-Type: application/problem+json
Content-Type: application/problem+json
< Content-Length: 168
Content-Length: 168
< Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
< Replay-Nonce: XHjLiIlo9XgELT0N11eX7J4kNNru-XBxFn7CbwkwoKQ
Replay-Nonce: XHjLiIlo9XgELT0N11eX7J4kNNru-XBxFn7CbwkwoKQ
< Expires: Sun, 18 Aug 2019 10:38:50 GMT
Expires: Sun, 18 Aug 2019 10:38:50 GMT
< Cache-Control: max-age=0, no-cache, no-store
Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
Pragma: no-cache
< Date: Sun, 18 Aug 2019 10:38:50 GMT
Date: Sun, 18 Aug 2019 10:38:50 GMT
< Connection: close
Connection: close
<
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Invalid Content-Type header on POST. Content-Type must be \"application/jose+json\"",
"status": 415
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
}# root@thetradinghall➤➤ ~ # head -c 30000 /dev/urandom | base64 | curl -v -d @- -X POST -i -m 10 -H 'Expect:' https://acme-v02.api.letsencrypt.org/acme/new-acct
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 2a02:26f0:3000:28b::3a8e...
* TCP_NODELAY set
* Connected to acme-v02.api.letsencrypt.org (2a02:26f0:3000:28b::3a8e) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=acme-v02.api.letsencrypt.org
* start date: Jul 19 04:46:54 2019 GMT
* expire date: Oct 17 04:46:54 2019 GMT
* subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
> POST /acme/new-acct HTTP/1.1
> Host: acme-v02.api.letsencrypt.org
> User-Agent: curl/7.61.1
> Accept: */*
> Content-Length: 40000
> Content-Type: application/x-www-form-urlencoded
>
* We are completely uploaded and fine
< HTTP/1.1 415 Unsupported Media Type
HTTP/1.1 415 Unsupported Media Type
< Server: nginx
Server: nginx
< Content-Type: application/problem+json
Content-Type: application/problem+json
< Content-Length: 168
Content-Length: 168
< Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
< Replay-Nonce: kZ3g04aFuAW0eBNrYvzmlTwtGk7fRpsjRC_HkyotMRw
Replay-Nonce: kZ3g04aFuAW0eBNrYvzmlTwtGk7fRpsjRC_HkyotMRw
< Expires: Sun, 18 Aug 2019 10:40:21 GMT
Expires: Sun, 18 Aug 2019 10:40:21 GMT
< Cache-Control: max-age=0, no-cache, no-store
Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
Pragma: no-cache
< Date: Sun, 18 Aug 2019 10:40:21 GMT
Date: Sun, 18 Aug 2019 10:40:21 GMT
< Connection: close
Connection: close
<
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Invalid Content-Type header on POST. Content-Type must be \"application/jose+json\"",
"status": 415
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
}#
So I would say yes, I can talk to Let's Encrypt.