Info: OpenSSL SSL_connect: Connection reset by peer in connection to acme.zerossl.com:443 #4723

Closed
budsz opened this issue Jul 31, 2023 · 4 comments

Comments

@budsz

budsz commented Jul 31, 2023

Hello,

I'm running this OS:

# uname -srm
FreeBSD 13.2-RELEASE-p1 amd64

My OpenSSL version:

# openssl version
OpenSSL 1.1.1t-freebsd  7 Feb 2023

And this is my acme.sh version:

# ./acme.sh --version
https://github.com/acmesh-official/acme.sh
v3.0.6

Trying to issue new certs:

./acme.sh --issue -d mydomain.com -w /usr/local/www --debug 3 --force --eab-kid xxxbL0TSPvp0Jsl_wvnxxx --eab-hmac-key xxxOOMivInBUaE-UoQM8GXyMwUW7J-r2Cuubx4Xt1-KoTCwj-JbVs_iGIcHCnGV6aTIYXzUIDNpZ0mQYyCmxxx
[Mon Jul 31 23:02:22 WIB 2023] readlink exists=0
[Mon Jul 31 23:02:22 WIB 2023] dirname exists=0
[Mon Jul 31 23:02:22 WIB 2023] Lets find script dir.
[Mon Jul 31 23:02:22 WIB 2023] _SCRIPT_='./acme.sh'
[Mon Jul 31 23:02:22 WIB 2023] _script='/root/.acme.sh/acme.sh'
[Mon Jul 31 23:02:22 WIB 2023] _script_home='/root/.acme.sh'
[Mon Jul 31 23:02:22 WIB 2023] Using default home:/root/.acme.sh
[Mon Jul 31 23:02:22 WIB 2023] Using config home:/root/.acme.sh
[Mon Jul 31 23:02:22 WIB 2023] ACCOUNT_CONF_PATH='/root/.acme.sh/account.conf'
[Mon Jul 31 23:02:22 WIB 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.6
[Mon Jul 31 23:02:22 WIB 2023] Running cmd: issue
[Mon Jul 31 23:02:22 WIB 2023] _main_domain='mydomain.com'
[Mon Jul 31 23:02:22 WIB 2023] _alt_domains='no'
[Mon Jul 31 23:02:22 WIB 2023] Using config home:/root/.acme.sh
[Mon Jul 31 23:02:22 WIB 2023] ACCOUNT_CONF_PATH='/root/.acme.sh/account.conf'
[Mon Jul 31 23:02:22 WIB 2023] default_acme_server
[Mon Jul 31 23:02:22 WIB 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Mon Jul 31 23:02:22 WIB 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Mon Jul 31 23:02:22 WIB 2023] _ACME_SERVER_PATH='v2/DV90'
[Mon Jul 31 23:02:22 WIB 2023] CA_CONF='/root/.acme.sh/ca/acme.zerossl.com/v2/DV90/ca.conf'
[Mon Jul 31 23:02:22 WIB 2023] DOMAIN_PATH='/root/.acme.sh/mydomain.com_ecc'
[Mon Jul 31 23:02:22 WIB 2023] '/usr/local/www' does not contain 'dns'
[Mon Jul 31 23:02:22 WIB 2023] Le_NextRenewTime='1695855776'
[Mon Jul 31 23:02:22 WIB 2023] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Mon Jul 31 23:02:22 WIB 2023] _init api for server: https://acme.zerossl.com/v2/DV90
[Mon Jul 31 23:02:22 WIB 2023] GET
[Mon Jul 31 23:02:22 WIB 2023] url='https://acme.zerossl.com/v2/DV90'
[Mon Jul 31 23:02:22 WIB 2023] timeout=
[Mon Jul 31 23:02:22 WIB 2023] curl exists=0
[Mon Jul 31 23:02:22 WIB 2023] mktemp exists=0
[Mon Jul 31 23:02:22 WIB 2023] wget exists=0
[Mon Jul 31 23:02:22 WIB 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.uTs7WXLW  -g '
[Mon Jul 31 23:05:22 WIB 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Mon Jul 31 23:05:22 WIB 2023] Here is the curl dump log:
[Mon Jul 31 23:05:22 WIB 2023] == Info:   Trying [2a0e:ac00:c7:d450::5bc7:d450]:443...
== Info: Immediate connect fail for 2a0e:ac00:c7:d450::5bc7:d450: No route to host
== Info:   Trying 91.199.212.80:443...
== Info: Connected to acme.zerossl.com (91.199.212.80) port 443 (#0)
== Info: ALPN: offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: ........ d...?P.......`......3...U...Z .W5:......t.$z....Q4.<...
0040: ..,.A...>.......,.0.........+./...$.(.k.#.'.g.....9.....3.....=.
0080: <.5./.....u.........acme.zerossl.com............................
00c0: ...h2.http/1.1.........1.....0..................................
0100: ...............+............-.....3.&.$... .........A......_..(.
0140: .4.y............................................................
0180: ................................................................
01c0: ................................................................
== Info:  CAfile: /usr/local/share/certs/ca-root-nss.crt
== Info:  CApath: none
== Info: Recv failure: Connection reset by peer
== Info: OpenSSL SSL_connect: Connection reset by peer in connection to acme.zerossl.com:443 
== Info: Closing connection 0

Any suggestion for this issue?

Thanks

@github-actions

Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

@xiaohuilam
Contributor

xiaohuilam commented Aug 5, 2023

It is suggested to check whether acme.zerossl.com is reachable by executing a telnet command manually:

Last login: Tue Aug  1 23:41:16 on ttys020
➜  ~ telnet acme.zerossl.com 443
Trying 91.199.212.80...
Connected to acme.zerossl.com.
Escape character is '^]'.

If it outputs unreachable/timeout or TCP reset, it should be blocked by your ISP, which is a problem acme.sh can't resolve.

@budsz
Author

budsz commented Aug 13, 2023

Thanks for your suggestion, here is the telnet result on my server:

$ telnet acme.zerossl.com 443
Trying 2a0e:ac00:c7:d450::5bc7:d450...
telnet: connect to address 2a0e:ac00:c7:d450::5bc7:d450: No route to host
Trying 91.199.212.80...
Connected to acme.trust-provider.com.
Escape character is '^]'.
^CConnection closed by foreign host.
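
An added example, not part of the issue thread or of acme.sh: a small shell filter that reads a `curl --trace-ascii` dump like the one in the opening post and reports the stage at which the connection stopped (TCP connect, or TLS after the Client hello), a distinction a telnet check on port 443 does not make because it only completes the TCP connect. The function names are hypothetical; the embedded trace is the Info lines from that dump with the hex rows omitted.

```shell
#!/bin/sh
# Added example: classify where a connection failed, from `curl --trace-ascii`
# (or `curl -v`) text on stdin. Function names are hypothetical.

classify_curl_trace() {
    awk '
        /== Info: Connected to /                 { tcp = 1 }
        /TLS handshake, Client hello/            { hello_out = 1 }
        /TLS handshake, Server hello/            { hello_in = 1 }
        /SSL connection using /                  { established = 1 }
        /Recv failure: Connection reset by peer/ { reset = 1 }
        END {
            if (!tcp)                                 print "tcp-connect-failed"
            else if (established)                     print "tls-established"
            else if (reset && hello_out && !hello_in) print "reset-after-client-hello"
            else if (reset)                           print "reset-during-handshake"
            else                                      print "tls-incomplete"
        }'
}

# Addresses that failed at the TCP layer (e.g. an unroutable IPv6 address), one per line.
failed_addresses() {
    sed -n 's/.*Immediate connect fail for \([^ ]*\): .*/\1/p'
}

# Info lines copied from the dump in the issue (hex rows omitted).
issue_trace() {
    cat <<'EOF'
== Info:   Trying [2a0e:ac00:c7:d450::5bc7:d450]:443...
== Info: Immediate connect fail for 2a0e:ac00:c7:d450::5bc7:d450: No route to host
== Info:   Trying 91.199.212.80:443...
== Info: Connected to acme.zerossl.com (91.199.212.80) port 443 (#0)
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
== Info: Recv failure: Connection reset by peer
== Info: OpenSSL SSL_connect: Connection reset by peer in connection to acme.zerossl.com:443
== Info: Closing connection 0
EOF
}

issue_trace | classify_curl_trace   # reset-after-client-hello
issue_trace | failed_addresses      # 2a0e:ac00:c7:d450::5bc7:d450
```

To run it against a live dump, pipe the file acme.sh names after `--trace-ascii` in its `_CURL` debug line into `classify_curl_trace`.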

@Neilpang
Member

Neilpang commented Sep 2, 2023

@Neilpang Neilpang closed this as completed Sep 2, 2023