Resolved Nginx error each hour (502) peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream

[Lrnt]

Hi,

Sine a little time, I have an nginx error each hour (at HH:58:00) which result in a 502 Bad Gateway during 10-15 second.

I really don't know where it comes from?

Before turning of nginx, maybe someone will have an good idea?

Here is a the part of the nginx log when the error occurs:

2021-06-12 21:58:05    Error    XX.XXX.XXX.XXX        31293#0: *3482905 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:05    Error    XX.XXX.XXX.XXX        31293#0: *3482905 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:05    Error    XX.XXX.XXX.XXX        31293#0: *3482909 recv() failed (104: Connection reset by peer) while reading response header from upstream                Erreur Nginx
2021-06-12 21:58:05    Error    XX.XXX.XXX.XXX        31293#0: *3482911 recv() failed (104: Connection reset by peer) while reading response header from upstream                Erreur Nginx
2021-06-12 21:58:05    Error    XX.XXX.XXX.XXX        31293#0: *3482913 recv() failed (104: Connection reset by peer) while reading response header from upstream                Erreur Nginx
2021-06-12 21:58:05    Error    XX.XXX.XXX.XXX        31293#0: *3482915 recv() failed (104: Connection reset by peer) while reading response header from upstream                Erreur Nginx
2021-06-12 21:58:05    Error    XX.XXX.XXX.XXX        31293#0: *3482917 recv() failed (104: Connection reset by peer) while reading response header from upstream                Erreur Nginx
2021-06-12 21:58:05    Error    XX.XXX.XXX.XXX        31293#0: *3482919 connect() failed (111: Connection refused) while connecting to upstream                Erreur Nginx
2021-06-12 21:58:05    Error    XX.XXX.XXX.XXX        31293#0: *3482921 connect() failed (111: Connection refused) while connecting to upstream                Erreur Nginx
2021-06-12 21:58:05    Error    XX.XXX.XXX.XXX        31293#0: *3482923 connect() failed (111: Connection refused) while connecting to upstream                Erreur Nginx
2021-06-12 21:58:10    Error    XX.XXX.XXX.XXX        31781#0: *3482927 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:10    Error    XX.XXX.XXX.XXX        31781#0: *3482929 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:10    Error    XX.XXX.XXX.XXX        31781#0: *3482931 connect() failed (111: Connection refused) while connecting to upstream                Erreur Nginx
2021-06-12 21:58:14    Error    XX.XXX.XXX.XXX        32272#0: *3482933 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:14    Error    XX.XXX.XXX.XXX        32272#0: *3482933 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:14    Error    XX.XXX.XXX.XXX        32272#0: *3482933 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:14    Error    XX.XXX.XXX.XXX        32272#0: *3482937 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:14    Error    XX.XXX.XXX.XXX        32272#0: *3482941 recv() failed (104: Connection reset by peer) while reading response header from upstream                Erreur Nginx
2021-06-12 21:58:14    Error    XX.XXX.XXX.XXX        32272#0: *3482943 recv() failed (104: Connection reset by peer) while reading response header from upstream                Erreur Nginx
2021-06-12 21:58:14    Error    XX.XXX.XXX.XXX        32272#0: *3482948 recv() failed (104: Connection reset by peer) while reading response header from upstream                Erreur Nginx
2021-06-12 21:58:14    Error    XX.XXX.XXX.XXX        32272#0: *3482950 recv() failed (104: Connection reset by peer) while reading response header from upstream                Erreur Nginx
2021-06-12 21:58:14    Error    XX.XXX.XXX.XXX        32272#0: *3482952 recv() failed (104: Connection reset by peer) while reading response header from upstream                Erreur Nginx
2021-06-12 21:58:19    Error    XX.XXX.XXX.XXX        300#0: *3482975 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:19    Error    XX.XXX.XXX.XXX        765#0: *3482977 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:19    Error    XX.XXX.XXX.XXX        765#0: *3482977 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:19    Error    XX.XXX.XXX.XXX        765#0: *3482980 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:19    Error    XX.XXX.XXX.XXX        765#0: *3482980 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:20    Error    XX.XXX.XXX.XXX        765#0: *3482987 upstream prematurely closed connection while reading response header from upstream                Erreur Nginx
2021-06-12 21:58:23    Error    XX.XXX.XXX.XXX        1238#0: *3482991 recv() failed (104: Connection reset by peer) while reading response header from upstream                Erreur Nginx
2021-06-12 21:58:23    Error    XX.XXX.XXX.XXX        300#0: *3482975 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream                Erreur Nginx
2021-06-12 21:58:23    Error    XX.XXX.XXX.XXX        1238#0: *3482993 connect() failed (111: Connection refused) while connecting to upstream                Erreur Nginx

• The server is Debian 9.13
• This website uses HTTPS Let's Encrypt Certificate
• This website has a dedicated IP
• This website has a "webapp" running on HTTP (Mandatory due to external hardware reachable through unsecure ws://)
• Nginx has proxy mod enabled

I try to increase nginx buffer but it did not change anything (proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; )
Thanks in advance for yours advices.

 

[Lrnt]

Wow ! Just found this in the crontab:

/opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/sslit/scripts/keep-secured.php'

which is executed each hour at 58 MINUTES

Do you think 502 bad gateway errors come from that?
Is it safe to disable ? Or can I uninstall SSL It! and just keep Let's Encrypt! ?

Will my Let's Encrypt Certificates still be renew? (There also a cronjob "/opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/letsencrypt/scripts/keep-secured.php'"

Thanks.

 

[Lrnt]

Ok just found this: All websites show 502 error every hour or even constantly
And just after saw that there was an update today for SSL It!

Problem seems to be solved after update!

1.8.5 (12 June 2021)
[-] The extension no longer reassigns an already issued Let's Encrypt certificate to a domain every hour if its mail component should not be secured. (EXTSSLIT-1645)

 

[weltonw]

Note - I would have solution #2 in place anyways. Very few, if any, reasons not to use graceful restarts