Anybody having problems with acme.sh?
I have had acme.sh / letsencrypt running for a very long time now, a couple of years actually - never any issues, until now.
The last successful certificate renewal was August 1st on one server and August 9 on a second server. Now the renewal does not work.
Also issuing a new certificate does not work.
Both servers run:
FreeBSD 13.2,
acme.sh version 3.0.7 running standalone mode.
No webservers involved.
The error I am seeing is:
Code:
[Wed Nov 29 09:43:53 CET 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[Wed Nov 29 09:43:53 CET 2023] Here is the curl dump log:
[Wed Nov 29 09:43:53 CET 2023] == Info: Trying x.x.x.x:80...
== Info: Immediate connect fail for x.x.x.x: Connection refused
== Info: Failed to connect to myserver port 80 after 163 ms: Couldn't connect to server
== Info: Closing connection
Which should indicate that port 80 is blocked. Except the port is wide open, which I verified by running ssh through port 80. No connection issues whatsoever.
However, doing a tcpdump on port 80 on the servers while acme.sh is attempting a renewal, it does seem like the standalone server is not accepting input.
The connection attempt from letsencrypt is simply shut down:
Code:
10:38:10.746319 IP ec2-3-145-182-97.us-east-2.compute.amazonaws.com.54614 > myserver.http: Flags [S], seq 2716805116, win 62727, options [mss 1460,sackOK,TS val 1384473520 ecr 0,nop,wscale 7], length 0
10:38:10.746363 IP myserver.http > ec2-3-145-182-97.us-east-2.compute.amazonaws.com.54614: Flags [R.], seq 0, ack 2716805117, win 0, length 0
10:38:11.066744 IP outbound1h.letsencrypt.org.39051 > myserver.http: Flags [S], seq 1773033676, win 64240, options [mss 1436,sackOK,TS val 3355672768 ecr 0,nop,wscale 7], length 0
10:38:11.066791 IP myserver.http > outbound1h.letsencrypt.org.39051: Flags [R.], seq 0, ack 1773033677, win 0, length 0
I have the exact same situation on two different FreeBSD servers on very different net locations, but a Linux server with the same version of acme.sh does not have any issue at all.
Did I miss some important stuff?
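
A SYN answered by `[R.]` with `ack = seq + 1`, as in the capture above, is the reply a TCP stack sends when nothing is accepting on that address and port (a packet filter rule that returns RST looks the same on the wire). The following is an added example, not part of the original post: it pairs each SYN in tcpdump text output with its reply and labels the handshake refused or accepted; the 203.0.113.5 lines and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# First four lines are copied from the tcpdump output in the post; the last two
# (203.0.113.5) are constructed to show an accepted handshake for contrast.
SAMPLE = """\
10:38:10.746319 IP ec2-3-145-182-97.us-east-2.compute.amazonaws.com.54614 > myserver.http: Flags [S], seq 2716805116, win 62727, options [mss 1460,sackOK,TS val 1384473520 ecr 0,nop,wscale 7], length 0
10:38:10.746363 IP myserver.http > ec2-3-145-182-97.us-east-2.compute.amazonaws.com.54614: Flags [R.], seq 0, ack 2716805117, win 0, length 0
10:38:11.066744 IP outbound1h.letsencrypt.org.39051 > myserver.http: Flags [S], seq 1773033676, win 64240, options [mss 1436,sackOK,TS val 3355672768 ecr 0,nop,wscale 7], length 0
10:38:11.066791 IP myserver.http > outbound1h.letsencrypt.org.39051: Flags [R.], seq 0, ack 1773033677, win 0, length 0
10:38:12.000100 IP 203.0.113.5.40000 > myserver.http: Flags [S], seq 1000, win 64240, length 0
10:38:12.000150 IP myserver.http > 203.0.113.5.40000: Flags [S.], seq 5000, ack 1001, win 65535, length 0
"""

LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): Flags \[([^\]]+)\], (.*)$")

def _field(name, rest):
    m = re.search(rf"\b{name} (\d+)", rest)
    return int(m.group(1)) if m else None

def classify_handshakes(text):
    """Return [(client, server, outcome, reply_delay_us)] for each answered SYN."""
    pending = {}   # (client, server) -> (syn_seq, timestamp of the SYN)
    results = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, src, dst, flags, rest = m.groups()
        when = datetime.strptime(ts, "%H:%M:%S.%f")
        if flags == "S":                      # bare SYN: remember it
            pending[(src, dst)] = (_field("seq", rest), when)
            continue
        syn = pending.get((dst, src))         # reply travels the reverse direction
        if syn is None or _field("ack", rest) != (syn[0] + 1) % 2**32:
            continue
        outcome = "refused" if "R" in flags else "accepted" if flags == "S." else None
        if outcome is None:
            continue
        del pending[(dst, src)]
        delay_us = (when - syn[1]) // timedelta(microseconds=1)
        results.append((dst, src, outcome, delay_us))
    return results

if __name__ == "__main__":
    for row in classify_handshakes(SAMPLE):
        print(row)
```
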