• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved SSL create and renew errors on random domains / possibly a Let's Encrypt issue, but maybe only in combination with Plesk

Bitpalast

Bitpalast

Plesk addicted!
Plesk Guru
Server operating system version
Alma 8
Plesk version and microupdate number
18.0.61 #6
We are seeing some random create and renewal errors of Let's Encrypt as described in
community.letsencrypt.org

Failed reissue on plesk due to Could not obtain directory: cURL error 35: Encountered end of file

was happened around 08.30AM indonesia time (GMT +08.00) our IP is 202.157.184.151
community.letsencrypt.org community.letsencrypt.org

This only occurs on some domain names while other domains on the same host can renew the certs without issues. I've already tried to reconfigure the domain configuration files, remove the existing certificate including removing it from the SSL directory and SQLite database (notifications ...), checked the syntax and logic of the webserver config files manually, checked accessibility of the local directories such as the acme-challenge directory, verified that Let's Encrypt acme-v02.api.letsencrypt.org can be reached and responds with expected data. All checks out good, yet some domains just won't renew with:
Code: 
Could not obtain directory: cURL error 35: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443 (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://acme-v02.api.letsencrypt.org/directory
As the user who posted to the Let's Encrypt forum is using Plesk, too, it may be wise for the tech team to reach out to Let's Encrypt to find out whether there is a fundamental issue between Plesk SSLIt and them.
 
Thank you for posting about this @Bitpalast. We're currently investigating the issue.

Do the affected domains have IPv6 enabled by any chance?
 
Another server, in another location however reports the same error as yours, Peter.

Code: 
Could not obtain directory: cURL error 35: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443 (see libcurl - Error Codes) for https://acme-v02.api.letsencrypt.org/directory
 
@Bitpalast Can you try and renew the certificates again?
On serveral sites, i have attempted the renewal process for up 4 times after failure and then they seem to go through.
 
Anyone have any ETA on a resolution? - I can't issue a cert - plesk just hangs for 3 minutes or so, then i get

"Could not obtain directory: cURL error 35: error:0A000126:SSL routines::unexpected eof while reading (see libcurl - Error Codes) for https://acme-v02.api.letsencrypt.org/directory"

CURLE_SSL_CONNECT_ERROR (35)

A problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others.
 
grizlyadams said:
Anyone have any ETA on a resolution? - I can't issue a cert - plesk just hangs for 3 minutes or so, then i get

"Could not obtain directory: cURL error 35: error:0A000126:SSL routines::unexpected eof while reading (see libcurl - Error Codes) for https://acme-v02.api.letsencrypt.org/directory"

CURLE_SSL_CONNECT_ERROR (35)

A problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others.
Click to expand...
it has worked now.
 
I had been getting these same messages for quite a while, but they seemed to have stopped. Nothing in yet today. I really was baffling me.
Glad it's been resolved.
 
You must log in or register to reply here.

Similar threads

V
Issue Failed to reassign let's encrypt
Replies
1
Views
139
Aleksei Fedorov
A
T
Resolved Could not obtain directory: cURL error 35: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to acme-v02.api.letsencrypt.org:443
Replies
7
Views
11K
Peter Debik
P
S
Issue Let's Encrypt/SSL It! empty domain name error
Replies
8
Views
951
SilentWarrior
S
M
Issue Wordpress MU alias domains with Let's Encrypt - hit the error: Order cannot contain more than 100 DNS names
Replies
1
Views
511
Kaspar
K
H
Resolved Lets Encrypt not issuing certificate [due to recent NSS update on operating system]
Replies
1
Views
1K
Maarten
M
Back
Top