
Resolved SSL create and renew errors on random domains / possibly a Let's Encrypt issue, but maybe only in combination with Plesk

Bitpalast

Server operating system version: Alma 8
Plesk version and microupdate number: 18.0.61 #6
We are seeing some random create and renewal errors of Let's Encrypt as described in

This only occurs on some domain names while other domains on the same host can renew the certs without issues. I've already tried to reconfigure the domain configuration files, remove the existing certificate including removing it from the SSL directory and SQLite database (notifications ...), checked the syntax and logic of the webserver config files manually, checked accessibility of the local directories such as the acme-challenge directory, verified that Let's Encrypt acme-v02.api.letsencrypt.org can be reached and responds with expected data. All checks out good, yet some domains just won't renew with:
Code:
Could not obtain directory: cURL error 35: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443 (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://acme-v02.api.letsencrypt.org/directory
As the user who posted to the Let's Encrypt forum is using Plesk, too, it may be wise for the tech team to reach out to Let's Encrypt to find out whether there is a fundamental issue between Plesk SSLIt and them.
 
Thank you for posting about this @Bitpalast. We're currently investigating the issue.

Do the affected domains have IPv6 enabled by any chance?
 
Another server, in another location however reports the same error as yours, Peter.

Code:
Could not obtain directory: cURL error 35: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443 (see libcurl - Error Codes) for https://acme-v02.api.letsencrypt.org/directory
 
@Bitpalast Can you try and renew the certificates again?
On several sites, I have attempted the renewal process up to 4 times after failure and then they seem to go through.
 
Anyone have any ETA on a resolution? - I can't issue a cert - Plesk just hangs for 3 minutes or so, then I get

"Could not obtain directory: cURL error 35: error:0A000126:SSL routines::unexpected eof while reading (see libcurl - Error Codes) for https://acme-v02.api.letsencrypt.org/directory"

CURLE_SSL_CONNECT_ERROR (35)

A problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others.
 
It has worked now.
 
I had been getting these same messages for quite a while, but they seemed to have stopped. Nothing in yet today. It really was baffling me.
Glad it's been resolved.
 