Unblock IP address

In the first thread, my IP is not blocked: 103.136.163.71

1 Like

The only thing I can think of (within your server) to check is that ca-certificates.crt file.
The size "213920" doesn't make sense.
If you want to test around that, try:

mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.big
cp /snap/core20/1611/etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

Then again:

curl -Iv https://acme-v02.api.letsencrypt.org
curl -Iv https://acme-v02.api.letsencrypt.org --cacert /etc/ssl/certs/ca-certificates.crt
2 Likes

Both commands are the same. FYI, my server uses Debian 10 and ISPConfig as cpanel; my other servers work normally.

1 Like

And one last set of tests:
dig acme-v02.api.letsencrypt.org +short
openssl s_client -connect acme-v02.api.letsencrypt.org:443 | head

3 Likes
root@boneto:/home/ispconfig3_install# dig acme-v02.api.letsencrypt.org +short
 s_client -connect acme-v02.api.letsencrypt.org:443 | head
prod.api.letsencrypt.org.
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
172.65.32.248
root@boneto:/home/ispconfig3_install# openssl s_client -connect acme-v02.api.letsencrypt.org:443 | head
write:errno=104
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 320 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
root@boneto:/home/ispconfig3_install#

What shows?:
curl -Ik https://acme-v02.api.letsencrypt.org

[definitely my last test]

4 Likes
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443

I'm done.
Now you may need to do some sort of traceroute and/or tcpdump.

2 Likes
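
Added example, not part of any post in this thread: a shell function that reads `openssl s_client` output and names the layer at which the probe failed, run on the output posted above and on one constructed sample. The verdict labels and the `probe` helper are this example's own assumptions.

```shell
# Added example: name the layer at which an `openssl s_client` probe failed.
# Verdict labels are this example's own, not OpenSSL terminology.

has() { printf '%s\n' "$probe_out" | grep -Eq -- "$1"; }

classify_s_client() {
    probe_out=$(cat)                       # s_client stdout+stderr on stdin
    if ! has '^CONNECTED\('; then
        echo tcp-connect-failed            # no socket: DNS, routing or port filter
    elif has '(read|write):errno=104' && has 'handshake has read 0 bytes'; then
        echo reset-after-clienthello       # TCP up, then RST before any ServerHello
    elif has 'no peer certificate available'; then
        echo handshake-aborted             # server answered but sent no certificate
    elif has 'Verify return code: 0 \(ok\)'; then
        echo handshake-ok
    elif has 'Verify return code: [1-9]'; then
        echo chain-not-trusted             # handshake done; local CA bundle is suspect
    else
        echo unknown
    fi
}

# Output as posted in the thread (stderr line first, as the terminal showed it).
thread_sample='write:errno=104
CONNECTED(00000003)
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 320 bytes
Verification: OK'

# Constructed sample: handshake completes but the chain does not validate.
untrusted_sample='CONNECTED(00000003)
---
SSL handshake has read 4511 bytes and written 392 bytes
Verify return code: 20 (unable to get local issuer certificate)'

# Live use (needs network): capture both streams, bound the wait.
probe() {
    timeout 15 openssl s_client -connect "$1:443" -servername "$1" \
        </dev/null 2>&1 | classify_s_client
}

printf '%s\n' "$thread_sample"    | classify_s_client
printf '%s\n' "$untrusted_sample" | classify_s_client
```

The posted output shows `Verification: OK` even though no peer certificate arrived, so the classifier ignores that line and keys on the byte count and errno instead.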

If I look at OpenSSL SSL_connect: SSL_ERROR_SYSCALL · Issue #9566 · openssl/openssl · GitHub it might be due to TLS cipher (or protocol?) differences between the ACME server endpoint and the client.

What exact version of OpenSSL is installed?

4 Likes

Can you show the output of this:

curl -vv http://r3.o.lencr.org

Also,

openssl version
curl --version

The first command should help figure out if there is network connectivity. The second two can help figure out if you have a library issue.

You may also have a firewall issue on your end.

4 Likes
root@boneto:~# curl -vv http://r3.o.lencr.org
*   Trying 119.110.115.186...
* TCP_NODELAY set
* Expire in 149971 ms for 3 (transfer 0x55df42029d40)
* Expire in 200 ms for 4 (transfer 0x55df42029d40)
* Connected to r3.o.lencr.org (119.110.115.186) port 80 (#0)
> GET / HTTP/1.1
> Host: r3.o.lencr.org
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Content-Length: 0
< Cache-Control: max-age=9082
< Expires: Wed, 07 Sep 2022 16:53:50 GMT
< Date: Wed, 07 Sep 2022 14:22:28 GMT
< Connection: keep-alive
<
* Connection #0 to host r3.o.lencr.org left intact
root@boneto:~# openssl version
OpenSSL 1.1.1n  15 Mar 2022
root@boneto:~# curl --version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1n zlib/1.2.11 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

@JamesLE we have new logs

requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: SysCallError(104, 'ECONNRESET')")))
2022-09-07 16:35:16,189:ERROR:certbot.log:An unexpected error occurred:
2022-09-07 16:35:16,539:DEBUG:certbot.main:certbot version: 0.31.0
2022-09-07 16:35:16,539:DEBUG:certbot.main:Arguments: ['--domains', 'dites.lldikti2.id']
2022-09-07 16:35:16,539:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-09-07 16:35:16,546:DEBUG:certbot.log:Root logging level set at 20
2022-09-07 16:35:16,546:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-09-07 16:35:16,547:INFO:certbot.storage:Attempting to parse the version 1.5.0 renewal configuration file found at /etc/letsencrypt/renewal/www.lldikti2.id.conf with version 0.31.0 of Certbot. This might not work.

Can you help me?

1 Like

Definitely not an IP block. You have very recent libraries, which should work without issue.

This is likely either a firewall issue on your end, or something messed up your server.

3 Likes

These seem to conflict:

3 Likes

Do you have a solution?

Do you have multiple versions of certbot installed?
If so, remove all except the latest one.

2 Likes

Yes, from ISPConfig and manually via apt. I have since uninstalled the one from apt, and when running from ISPConfig the error is the same.

1 Like

Case closed with this config:

--server https://api.buypass.com/acme/directory

I don't know what happened with

acme-v02.api.letsencrypt.org
2 Likes
