I am trying to issue a certificate using acme.sh alias mode, using a DNS challenge. What port should be opened so that my server can communicate with GoDaddy and Let's Encrypt to get the certificate?
My domain is: ekicocvalidation
My web server is (include version): Apache 2.2
The operating system my web server runs on is (include version): RHEL
My hosting provider, if applicable, is: GoDaddy
I can login to a root shell on my machine (yes or no, or I don’t know): No
This is the error I am getting, though the domain is valid and I issued the certificates on a different server for a different domain. So we requested access to Let's Encrypt and need the port that is needed to communicate.
Thanks for the help. The domain ekicocvalidation was created to use as a validation domain to generate certificates for our internal domains using the acme DNS alias method. In the screenshot I posted, I was trying to issue a certificate from an integration server. However, when I try to issue a certificate from my QA domain, it works fine; I just issued it. What do you think the issue is? Is it something to do with internal configuration?
Can you point to the documentation for the “acme DNS alias method” that you are trying to use? Or a design document for how you are planning to create such a method? Without such documentation, we can only guess at the configuration you are trying to create, so it will be hard to come up with good answers.
It seems curl (invoked by acme.sh) is failing to access a GoDaddy API URL, with some sort of SSL error. Perhaps you could try running curl directly (on your server) to see if you can get more information about what the error is?
The curl: (35) TCP connection reset by peer is the core problem, and it’s a problem between your server and GoDaddy’s, not between your server and Let’s Encrypt.
I’m not sure what the root cause is in this case, but there’s a previous post in this forum suggesting there was a problem with a too-small MTU on some link: [solved] Probably my addresses was banned. There was another answer on Stack Exchange that suggested rebuilding their server with a fresh install. I think a fresh OS install or a new server is your best bet. If you do that, and you can successfully run that curl command, you have a winner.
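The two replies above suggest running curl by hand against the GoDaddy API and checking for a path-MTU problem. The script below does both and turns the results into the conclusion drawn in the thread (a failure that hits GoDaddy but not Let's Encrypt is a problem between the server and GoDaddy). It is an added example, not code from any post in this thread and not part of acme.sh. It assumes that the GoDaddy DNS API lives under https://api.godaddy.com/v1/domains and that the Let's Encrypt production directory is https://acme-v02.api.letsencrypt.org/directory (the endpoints acme.sh's dns_gd hook and ACME v2 client talk to), and that ping accepts the Linux iputils flags -M do and -W.

```shell
#!/bin/sh
# Added diagnostic example (not from this thread, not part of acme.sh).
# Assumptions: the two URLs below are the endpoints acme.sh contacts in
# DNS-alias mode with the GoDaddy hook; ping uses Linux iputils syntax.
GODADDY_API="https://api.godaddy.com/v1/domains"
LE_DIRECTORY="https://acme-v02.api.letsencrypt.org/directory"

# classify_curl_exit EXIT: name the layer at which a curl request failed.
classify_curl_exit() {
  case "$1" in
    0)  echo ok ;;
    6)  echo dns ;;      # host name did not resolve
    7)  echo tcp ;;      # connect refused or no route: firewall / port 443 closed
    28) echo timeout ;;  # connect or transfer timed out: dropped packets, e.g. an MTU black hole
    35) echo tls ;;      # TLS handshake failed or the connection was reset during it
    56) echo recv ;;     # connection reset after the handshake
    60) echo ca ;;       # server certificate not trusted by the local CA bundle
    *)  echo other ;;
  esac
}

# probe_url URL: HEAD request with short timeouts. Prints curl's own error
# message on stderr and returns curl's exit status (HTTP 4xx/5xx still exit 0,
# which is what we want: we are testing reachability, not authorization).
probe_url() {
  curl -sS -I -o /dev/null --connect-timeout 10 --max-time 20 "$1"
}

# diagnose GD_EXIT LE_EXIT: combine both probe results into one conclusion.
diagnose() {
  gd=$(classify_curl_exit "$1")
  le=$(classify_curl_exit "$2")
  if [ "$gd" = ok ] && [ "$le" = ok ]; then
    echo "both-reachable: outbound 443 is fine; check the API key/secret and the _acme-challenge CNAME"
  elif [ "$gd" != ok ] && [ "$le" = ok ]; then
    echo "godaddy-only: failure ($gd) is between this host and GoDaddy, not Let's Encrypt"
  elif [ "$gd" = ok ] && [ "$le" != ok ]; then
    echo "letsencrypt-only: failure ($le) is between this host and Let's Encrypt"
  else
    echo "both-failing: godaddy=$gd letsencrypt=$le; outbound 443 is probably blocked or broken"
  fi
}

# mtu_probe HOST [BYTES]: one ping with the Don't-Fragment bit set (iputils -M do).
# 1472 bytes of payload + 28 bytes of IP/ICMP headers = a 1500-byte packet;
# if it does not get through, some link on the path has a smaller MTU (or drops ICMP).
mtu_probe() {
  ping -c 1 -W 3 -M do -s "${2:-1472}" "$1" >/dev/null 2>&1
}

# Live probes run only when RUN_PROBES=1, so the file can be sourced offline.
if [ "${RUN_PROBES:-0}" = 1 ]; then
  gd_rc=0; probe_url "$GODADDY_API" || gd_rc=$?
  le_rc=0; probe_url "$LE_DIRECTORY" || le_rc=$?
  echo "godaddy     curl exit=$gd_rc ($(classify_curl_exit "$gd_rc"))"
  echo "letsencrypt curl exit=$le_rc ($(classify_curl_exit "$le_rc"))"
  diagnose "$gd_rc" "$le_rc"
  if mtu_probe api.godaddy.com; then
    echo "1500-byte frames pass to api.godaddy.com"
  else
    echo "1500-byte frames do NOT pass to api.godaddy.com (or ICMP is blocked): suspect path MTU"
  fi
fi
```

Run it as `RUN_PROBES=1 sh probe.sh` on the server that fails. A DNS-01 issuance only ever makes outbound HTTPS connections (TCP 443 to the DNS provider's API and to the ACME directory); nothing needs to be opened inbound. If curl exits 35 for GoDaddy while the Let's Encrypt directory probe succeeds, the diagnosis matches the thread: the fault is on the path to GoDaddy, and the MTU probe is the next thing to check.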