Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    LE/Acme Register Account Key Issue.

    Scheduled Pinned Locked Moved ACME
    7 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      Napsterbater
      last edited by

      I have 1 of 2 Pfsense boxes on 2.4.4.p3 with ACME 0.6.2.

      Both use the same account key and both register the same two domains, been setup for over a year.

      Now all of the sudden 1 of the boxes is having trouble renewing the two certs.

      Digging further it seems it's getting hung up on the Registering the Account key portion, at least that is what it looks like to me.

      As a test I created a new dummy key and email on the problem box, the output of the log is below, which looks identical to when I try to renew the real certs with the real key.

      I even forced the problem box to request from a different IP/Block.

      I have also forced reinstalled ACME and rebooted the box.

      Anyone have any ideas?

      /tmp/acme/_registerkey/acme_issuecert.log

      [Mon Sep  9 04:26:46 EDT 2019] readlink exists=0
[Mon Sep  9 04:26:46 EDT 2019] dirname exists=0
[Mon Sep  9 04:26:46 EDT 2019] Lets find script dir.
[Mon Sep  9 04:26:46 EDT 2019] _SCRIPT_='/usr/local/pkg/acme/acme.sh'
[Mon Sep  9 04:26:46 EDT 2019] _script='/usr/local/pkg/acme/acme.sh'
[Mon Sep  9 04:26:46 EDT 2019] _script_home='/usr/local/pkg/acme'
[Mon Sep  9 04:26:46 EDT 2019] Using config home:/tmp/acme/_registerkey/
[Mon Sep  9 04:26:46 EDT 2019] APP
[Mon Sep  9 04:26:46 EDT 2019] 3:LOG_FILE='/tmp/acme/_registerkey/acme_issuecert.log'
[Mon Sep  9 04:26:46 EDT 2019] APP
[Mon Sep  9 04:26:46 EDT 2019] 4:LOG_LEVEL='3'
[Mon Sep  9 04:26:46 EDT 2019] LE_WORKING_DIR='/tmp/acme/_registerkey/'
[Mon Sep  9 04:26:46 EDT 2019] Running cmd: registeraccount
[Mon Sep  9 04:26:46 EDT 2019] Using config home:/tmp/acme/_registerkey/
[Mon Sep  9 04:26:46 EDT 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Mon Sep  9 04:26:46 EDT 2019] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Mon Sep  9 04:26:46 EDT 2019] CA_CONF='/tmp/acme/_registerkey//ca/acme-staging-v02.api.letsencrypt.org/ca.conf'
[Mon Sep  9 04:26:46 EDT 2019] Using config home:/tmp/acme/_registerkey/
[Mon Sep  9 04:26:46 EDT 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Mon Sep  9 04:26:46 EDT 2019] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Mon Sep  9 04:26:46 EDT 2019] CA_CONF='/tmp/acme/_registerkey//ca/acme-staging-v02.api.letsencrypt.org/ca.conf'
[Mon Sep  9 04:26:46 EDT 2019] _regAccount
[Mon Sep  9 04:26:46 EDT 2019] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Sep  9 04:26:46 EDT 2019] GET
[Mon Sep  9 04:26:46 EDT 2019] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Mon Sep  9 04:26:46 EDT 2019] timeout=
[Mon Sep  9 04:26:46 EDT 2019] curl exists=0
[Mon Sep  9 04:26:46 EDT 2019] wget exists=127
[Mon Sep  9 04:26:46 EDT 2019] _CURL='curl -L --silent --dump-header /tmp/acme/_registerkey//http.header  -g '
[Mon Sep  9 04:26:46 EDT 2019] ret='0'
[Mon Sep  9 04:26:46 EDT 2019] response='{
  "SPujjmW0Pzw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Mon Sep  9 04:26:47 EDT 2019] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Mon Sep  9 04:26:47 EDT 2019] ACME_NEW_AUTHZ
[Mon Sep  9 04:26:47 EDT 2019] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Mon Sep  9 04:26:47 EDT 2019] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Mon Sep  9 04:26:47 EDT 2019] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Sep  9 04:26:47 EDT 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon Sep  9 04:26:47 EDT 2019] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Sep  9 04:26:47 EDT 2019] ACME_VERSION='2'
[Mon Sep  9 04:26:47 EDT 2019] RSA key
[Mon Sep  9 04:26:47 EDT 2019] pub_exp='010001'
[Mon Sep  9 04:26:47 EDT 2019] base64 single line.[Mon Sep  9 04:26:47 EDT 2019] 
xxd exists=127
[Mon Sep  9 04:26:47 EDT 2019] _URGLY_PRINTF='1'
[Mon Sep  9 04:26:47 EDT 2019] e='AQAB'
[Mon Sep  9 04:26:47 EDT 2019] modulus='A2FE6C759F9392731EC2C5CB0642BCFDC085E7D5EED0A964CB045EF93E36E74B12333B44D4270522CA6C10DC2B36161E6321215A81435A074DF88C9AF738843627DE2202AB2556AFC8ED776FC88B427E79B4B17C304BBFB7D47BD9C47339E4CE56E717017B6EF79D21740C69A14EA4CFE22E812B1ABD7CA863F5B617E0970E0D5D68E75FEDF37BB2D41389636A796B03426389E7FE86F76A279BD8BDC668E0A9BDF50B98076DDA5DF2F81E4ABFF49B2BF6E9FCF940D0D9F866A7AF7FD182DE6451569C26CBAF35627E19E6D0ADF842198775037E96CD40C908928949D598ECD35957B777C829899AA000A61E02E2B6164CCA4C26849CE8750D82180C9379D4E0F9E9CB5829B376C74C20EB29B9A7B53827193796FFF2FA3DEBA80FFC2D939F2928C04754C34CEB5A758401AC35CCADB632963DC4A664AF97B35678AB321D9106069DD971BE2916AC5DBB3D67ABADE543D8154046B49A530AF705037843314EB89ED59E2C20DA9E7AD3653DF72FC8829F080D42F49AF094A7488180BB9E350CF4626E716A989CDC62DAC5A64195AA043FC6E90E38AB0D0A04970FE2FCE2F597AC0B3322A93420F8840C759F8F45576F8B7A45F3F9AEA9206A2B0E68B2777004372A59D0703B02DE22D6833146AF8344B6B1D8652787B55F8081478BD41F7508A10E43342C1078596C0906E6687A0D1135DBEE4D9CF491921EFB7E3D80A4101B5D'
[Mon Sep  9 04:26:47 EDT 2019] base64 single line.
[Mon Sep  9 04:26:47 EDT 2019] xxd exists=127
[Mon Sep  9 04:26:47 EDT 2019] _URGLY_PRINTF='1'
[Mon Sep  9 04:26:48 EDT 2019] n='ov5sdZ-TknMewsXLBkK8_cCF59Xu0KlkywRe-T4250sSMztE1CcFIspsENwrNhYeYyEhWoFDWgdN-Iya9ziENifeIgKrJVavyO13b8iLQn55tLF8MEu_t9R72cRzOeTOVucXAXtu950hdAxpoU6kz-IugSsavXyoY_W2F-CXDg1daOdf7fN7stQTiWNqeWsDQmOJ5_6G92onm9i9xmjgqb31C5gHbdpd8vgeSr_0myv26fz5QNDZ-Ganr3_Rgt5kUVacJsuvNWJ-GebQrfhCGYd1A36WzUDJCJKJSdWY7NNZV7d3yCmJmqAAph4C4rYWTMpMJoSc6HUNghgMk3nU4Pnpy1gps3bHTCDrKbmntTgnGTeW__L6PeuoD_wtk58pKMBHVMNM61p1hAGsNcyttjKWPcSmZK-Xs1Z4qzIdkQYGndlxvikWrF27PWerreVD2BVARrSaUwr3BQN4QzFOuJ7Vniwg2p5602U99y_Igp8IDUL0mvCUp0iBgLueNQz0Ym5xapic3GLaxaZBlaoEP8bpDjirDQoElw_i_OL1l6wLMyKpNCD4hAx1n49FV2-LekXz-a6pIGorDmiyd3AENypZ0HA7At4i1oMxRq-DRLax2GUnh7VfgIFHi9QfdQihDkM0LBB4WWwJBuZoeg0RNdvuTZz0kZIe-349gKQQG10'
[Mon Sep  9 04:26:48 EDT 2019] jwk='{"e": "AQAB", "kty": "RSA", "n": "ov5sdZ-TknMewsXLBkK8_cCF59Xu0KlkywRe-T4250sSMztE1CcFIspsENwrNhYeYyEhWoFDWgdN-Iya9ziENifeIgKrJVavyO13b8iLQn55tLF8MEu_t9R72cRzOeTOVucXAXtu950hdAxpoU6kz-IugSsavXyoY_W2F-CXDg1daOdf7fN7stQTiWNqeWsDQmOJ5_6G92onm9i9xmjgqb31C5gHbdpd8vgeSr_0myv26fz5QNDZ-Ganr3_Rgt5kUVacJsuvNWJ-GebQrfhCGYd1A36WzUDJCJKJSdWY7NNZV7d3yCmJmqAAph4C4rYWTMpMJoSc6HUNghgMk3nU4Pnpy1gps3bHTCDrKbmntTgnGTeW__L6PeuoD_wtk58pKMBHVMNM61p1hAGsNcyttjKWPcSmZK-Xs1Z4qzIdkQYGndlxvikWrF27PWerreVD2BVARrSaUwr3BQN4QzFOuJ7Vniwg2p5602U99y_Igp8IDUL0mvCUp0iBgLueNQz0Ym5xapic3GLaxaZBlaoEP8bpDjirDQoElw_i_OL1l6wLMyKpNCD4hAx1n49FV2-LekXz-a6pIGorDmiyd3AENypZ0HA7At4i1oMxRq-DRLax2GUnh7VfgIFHi9QfdQihDkM0LBB4WWwJBuZoeg0RNdvuTZz0kZIe-349gKQQG10"}'
[Mon Sep  9 04:26:48 EDT 2019] JWK_HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "ov5sdZ-TknMewsXLBkK8_cCF59Xu0KlkywRe-T4250sSMztE1CcFIspsENwrNhYeYyEhWoFDWgdN-Iya9ziENifeIgKrJVavyO13b8iLQn55tLF8MEu_t9R72cRzOeTOVucXAXtu950hdAxpoU6kz-IugSsavXyoY_W2F-CXDg1daOdf7fN7stQTiWNqeWsDQmOJ5_6G92onm9i9xmjgqb31C5gHbdpd8vgeSr_0myv26fz5QNDZ-Ganr3_Rgt5kUVacJsuvNWJ-GebQrfhCGYd1A36WzUDJCJKJSdWY7NNZV7d3yCmJmqAAph4C4rYWTMpMJoSc6HUNghgMk3nU4Pnpy1gps3bHTCDrKbmntTgnGTeW__L6PeuoD_wtk58pKMBHVMNM61p1hAGsNcyttjKWPcSmZK-Xs1Z4qzIdkQYGndlxvikWrF27PWerreVD2BVARrSaUwr3BQN4QzFOuJ7Vniwg2p5602U99y_Igp8IDUL0mvCUp0iBgLueNQz0Ym5xapic3GLaxaZBlaoEP8bpDjirDQoElw_i_OL1l6wLMyKpNCD4hAx1n49FV2-LekXz-a6pIGorDmiyd3AENypZ0HA7At4i1oMxRq-DRLax2GUnh7VfgIFHi9QfdQihDkM0LBB4WWwJBuZoeg0RNdvuTZz0kZIe-349gKQQG10"}}'
[Mon Sep  9 04:26:48 EDT 2019] Registering account
[Mon Sep  9 04:26:48 EDT 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Mon Sep  9 04:26:48 EDT 2019] payload='{"contact": ["mailto: BrokenAcmeTest@napshome.net"], "termsOfServiceAgreed": true}'
[Mon Sep  9 04:26:48 EDT 2019] Use cached jwk for file: /tmp/acme/_registerkey//ca/acme-staging-v02.api.letsencrypt.org/account.key
[Mon Sep  9 04:26:48 EDT 2019] base64 single line.
[Mon Sep  9 04:26:48 EDT 2019] payload64='eyJjb250YWN0IjogWyJtYWlsdG86IEJyb2tlbkFjbWVUZXN0QG5hcHNob21lLm5ldCJdLCAidGVybXNPZlNlcnZpY2VBZ3JlZWQiOiB0cnVlfQ'
[Mon Sep  9 04:26:48 EDT 2019] _request_retry_times='1'
[Mon Sep  9 04:26:48 EDT 2019] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Sep  9 04:26:48 EDT 2019] HEAD
[Mon Sep  9 04:26:48 EDT 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Sep  9 04:26:48 EDT 2019] body
[Mon Sep  9 04:26:48 EDT 2019] _postContentType='application/jose+json'
[Mon Sep  9 04:26:48 EDT 2019] curl exists=0
[Mon Sep  9 04:26:48 EDT 2019] wget exists=127
[Mon Sep  9 04:26:48 EDT 2019] _CURL='curl -L --silent --dump-header /tmp/acme/_registerkey//http.header  -g '
[Mon Sep  9 04:26:49 EDT 2019] _ret='0'
[Mon Sep  9 04:26:49 EDT 2019] _headers='HTTP/1.1 200 OK
Server: nginx
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001mZ2v8eWJ_WT2j9scGEjHuZ3AGRpNWtW370eap8WhDNI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 0
Expires: Mon, 09 Sep 2019 08:26:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 Sep 2019 08:26:49 GMT
Connection: keep-alive

'
[Mon Sep  9 04:26:49 EDT 2019] _CACHED_NONCE='0001mZ2v8eWJ_WT2j9scGEjHuZ3AGRpNWtW370eap8WhDNI'
[Mon Sep  9 04:26:49 EDT 2019] nonce='0001mZ2v8eWJ_WT2j9scGEjHuZ3AGRpNWtW370eap8WhDNI'
[Mon Sep  9 04:26:49 EDT 2019] protected='{"nonce": "0001mZ2v8eWJ_WT2j9scGEjHuZ3AGRpNWtW370eap8WhDNI", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "ov5sdZ-TknMewsXLBkK8_cCF59Xu0KlkywRe-T4250sSMztE1CcFIspsENwrNhYeYyEhWoFDWgdN-Iya9ziENifeIgKrJVavyO13b8iLQn55tLF8MEu_t9R72cRzOeTOVucXAXtu950hdAxpoU6kz-IugSsavXyoY_W2F-CXDg1daOdf7fN7stQTiWNqeWsDQmOJ5_6G92onm9i9xmjgqb31C5gHbdpd8vgeSr_0myv26fz5QNDZ-Ganr3_Rgt5kUVacJsuvNWJ-GebQrfhCGYd1A36WzUDJCJKJSdWY7NNZV7d3yCmJmqAAph4C4rYWTMpMJoSc6HUNghgMk3nU4Pnpy1gps3bHTCDrKbmntTgnGTeW__L6PeuoD_wtk58pKMBHVMNM61p1hAGsNcyttjKWPcSmZK-Xs1Z4qzIdkQYGndlxvikWrF27PWerreVD2BVARrSaUwr3BQN4QzFOuJ7Vniwg2p5602U99y_Igp8IDUL0mvCUp0iBgLueNQz0Ym5xapic3GLaxaZBlaoEP8bpDjirDQoElw_i_OL1l6wLMyKpNCD4hAx1n49FV2-LekXz-a6pIGorDmiyd3AENypZ0HA7At4i1oMxRq-DRLax2GUnh7VfgIFHi9QfdQihDkM0LBB4WWwJBuZoeg0RNdvuTZz0kZIe-349gKQQG10"}}'
[Mon Sep  9 04:26:49 EDT 2019] base64 single line.
[Mon Sep  9 04:26:49 EDT 2019] protected64='eyJub25jZSI6ICIwMDAxbVoydjhlV0pfV1QyajlzY0dFakh1WjNBR1JwTld0VzM3MGVhcDhXaEROSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogIm92NXNkWi1Ua25NZXdzWExCa0s4X2NDRjU5WHUwS2xreXdSZS1UNDI1MHNTTXp0RTFDY0ZJc3BzRU53ck5oWWVZeUVoV29GRFdnZE4tSXlhOXppRU5pZmVJZ0tySlZhdnlPMTNiOGlMUW41NXRMRjhNRXVfdDlSNzJjUnpPZVRPVnVjWEFYdHU5NTBoZEF4cG9VNmt6LUl1Z1NzYXZYeW9ZX1cyRi1DWERnMWRhT2RmN2ZON3N0UVRpV05xZVdzRFFtT0o1XzZHOTJvbm05aTl4bWpncWIzMUM1Z0hiZHBkOHZnZVNyXzBteXYyNmZ6NVFORFotR2FucjNfUmd0NWtVVmFjSnN1dk5XSi1HZWJRcmZoQ0dZZDFBMzZXelVESkNKS0pTZFdZN05OWlY3ZDN5Q21KbXFBQXBoNEM0cllXVE1wTUpvU2M2SFVOZ2hnTWszblU0UG5weTFncHMzYkhUQ0RyS2JtbnRUZ25HVGVXX19MNlBldW9EX3d0azU4cEtNQkhWTU5NNjFwMWhBR3NOY3l0dGpLV1BjU21aSy1YczFaNHF6SWRrUVlHbmRseHZpa1dyRjI3UFdlcnJlVkQyQlZBUnJTYVV3cjNCUU40UXpGT3VKN1ZuaXdnMnA1NjAyVTk5eV9JZ3A4SURVTDBtdkNVcDBpQmdMdWVOUXowWW01eGFwaWMzR0xheGFaQmxhb0VQOGJwRGppckRRb0Vsd19pX09MMWw2d0xNeUtwTkNENGhBeDFuNDlGVjItTGVrWHotYTZwSUdvckRtaXlkM0FFTnlwWjBIQTdBdDRpMW9NeFJxLURSTGF4MkdVbmg3VmZnSUZIaTlRZmRRaWhEa00wTEJCNFdXd0pCdVpvZWcwUk5kdnVUWnowa1pJZS0zNDlnS1FRRzEwIn19'
[Mon Sep  9 04:26:49 EDT 2019] base64 single line.
[Mon Sep  9 04:26:49 EDT 2019] _sig_t='QQtjzewmRpVd61jLJWIz2xqnZVvW/R5NdSS1jOHvf/mOhEWSn30p3rqpXrHwDCmlvxNUJq/tyUSAq+0W6XQbwTJKg9LsKaaS2w3pWUqiYT1dTWL7I/cFudcCL9+r4CCNrei9ArpCRFSZ2+vnm8AYgZJG9Bxd5c4Hp9wwjSVJ/RQlgRyYbrQVJYNfXiLjXCyUOUjJlqU0XjabA8h1pL+492fDQv9lF7+B4smolqLO0POARUZXgz7V4/neKT6KB+Z6I/rQwix+p6+VDwLpUIEiO5rm34YPzDwc5MhM73pQ4opw7iqdGSu9dKyuOg+40wpsD2NWG2zYuecakCqFTIT8f4yhTtHkKG+VTqCACZQsqx9SlJIVuVfJOf4MCnXp4xdfd/O3dvqILgGZrxmy9BEbYY+QeqH1b2ccpjqqxwVl5rcUdwwPgHJ9pVuJCzMxoH3qvruif4D3EeOt6ODGt26nERA8kRDe6fyzxnZ2XLlqAK2z3RbcGCIgVpKTWYIZ0QTzjKLCo4/LQkfx4I4D4DbO6vUwbPrHA1NqLjX4gYvKEr8fy4X/ARmNsx8dcaGNY6HFSmA5rqKlhbYnNtrbBPtJU6CBP+hJEWhYJUGAxKqSJ/4WpKBzEB/nDKu2Sw9fs5pSXJhYo6o4sU0MOYkSzBFQI8Pejw0WIYk8Tdb8NX+po6c='
[Mon Sep  9 04:26:49 EDT 2019] sig='QQtjzewmRpVd61jLJWIz2xqnZVvW_R5NdSS1jOHvf_mOhEWSn30p3rqpXrHwDCmlvxNUJq_tyUSAq-0W6XQbwTJKg9LsKaaS2w3pWUqiYT1dTWL7I_cFudcCL9-r4CCNrei9ArpCRFSZ2-vnm8AYgZJG9Bxd5c4Hp9wwjSVJ_RQlgRyYbrQVJYNfXiLjXCyUOUjJlqU0XjabA8h1pL-492fDQv9lF7-B4smolqLO0POARUZXgz7V4_neKT6KB-Z6I_rQwix-p6-VDwLpUIEiO5rm34YPzDwc5MhM73pQ4opw7iqdGSu9dKyuOg-40wpsD2NWG2zYuecakCqFTIT8f4yhTtHkKG-VTqCACZQsqx9SlJIVuVfJOf4MCnXp4xdfd_O3dvqILgGZrxmy9BEbYY-QeqH1b2ccpjqqxwVl5rcUdwwPgHJ9pVuJCzMxoH3qvruif4D3EeOt6ODGt26nERA8kRDe6fyzxnZ2XLlqAK2z3RbcGCIgVpKTWYIZ0QTzjKLCo4_LQkfx4I4D4DbO6vUwbPrHA1NqLjX4gYvKEr8fy4X_ARmNsx8dcaGNY6HFSmA5rqKlhbYnNtrbBPtJU6CBP-hJEWhYJUGAxKqSJ_4WpKBzEB_nDKu2Sw9fs5pSXJhYo6o4sU0MOYkSzBFQI8Pejw0WIYk8Tdb8NX-po6c'
[Mon Sep  9 04:26:49 EDT 2019] body='{"protected": "eyJub25jZSI6ICIwMDAxbVoydjhlV0pfV1QyajlzY0dFakh1WjNBR1JwTld0VzM3MGVhcDhXaEROSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogIm92NXNkWi1Ua25NZXdzWExCa0s4X2NDRjU5WHUwS2xreXdSZS1UNDI1MHNTTXp0RTFDY0ZJc3BzRU53ck5oWWVZeUVoV29GRFdnZE4tSXlhOXppRU5pZmVJZ0tySlZhdnlPMTNiOGlMUW41NXRMRjhNRXVfdDlSNzJjUnpPZVRPVnVjWEFYdHU5NTBoZEF4cG9VNmt6LUl1Z1NzYXZYeW9ZX1cyRi1DWERnMWRhT2RmN2ZON3N0UVRpV05xZVdzRFFtT0o1XzZHOTJvbm05aTl4bWpncWIzMUM1Z0hiZHBkOHZnZVNyXzBteXYyNmZ6NVFORFotR2FucjNfUmd0NWtVVmFjSnN1dk5XSi1HZWJRcmZoQ0dZZDFBMzZXelVESkNKS0pTZFdZN05OWlY3ZDN5Q21KbXFBQXBoNEM0cllXVE1wTUpvU2M2SFVOZ2hnTWszblU0UG5weTFncHMzYkhUQ0RyS2JtbnRUZ25HVGVXX19MNlBldW9EX3d0azU4cEtNQkhWTU5NNjFwMWhBR3NOY3l0dGpLV1BjU21aSy1YczFaNHF6SWRrUVlHbmRseHZpa1dyRjI3UFdlcnJlVkQyQlZBUnJTYVV3cjNCUU40UXpGT3VKN1ZuaXdnMnA1NjAyVTk5eV9JZ3A4SURVTDBtdkNVcDBpQmdMdWVOUXowWW01eGFwaWMzR0xheGFaQmxhb0VQOGJwRGppckRRb0Vsd19pX09MMWw2d0xNeUtwTkNENGhBeDFuNDlGVjItTGVrWHotYTZwSUdvckRtaXlkM0FFTnlwWjBIQTdBdDRpMW9NeFJxLURSTGF4MkdVbmg3VmZnSUZIaTlRZmRRaWhEa00wTEJCNFdXd0pCdVpvZWcwUk5kdnVUWnowa1pJZS0zNDlnS1FRRzEwIn19", "payload": "eyJjb250YWN0IjogWyJtYWlsdG86IEJyb2tlbkFjbWVUZXN0QG5hcHNob21lLm5ldCJdLCAidGVybXNPZlNlcnZpY2VBZ3JlZWQiOiB0cnVlfQ", "signature": "QQtjzewmRpVd61jLJWIz2xqnZVvW_R5NdSS1jOHvf_mOhEWSn30p3rqpXrHwDCmlvxNUJq_tyUSAq-0W6XQbwTJKg9LsKaaS2w3pWUqiYT1dTWL7I_cFudcCL9-r4CCNrei9ArpCRFSZ2-vnm8AYgZJG9Bxd5c4Hp9wwjSVJ_RQlgRyYbrQVJYNfXiLjXCyUOUjJlqU0XjabA8h1pL-492fDQv9lF7-B4smolqLO0POARUZXgz7V4_neKT6KB-Z6I_rQwix-p6-VDwLpUIEiO5rm34YPzDwc5MhM73pQ4opw7iqdGSu9dKyuOg-40wpsD2NWG2zYuecakCqFTIT8f4yhTtHkKG-VTqCACZQsqx9SlJIVuVfJOf4MCnXp4xdfd_O3dvqILgGZrxmy9BEbYY-QeqH1b2ccpjqqxwVl5rcUdwwPgHJ9pVuJCzMxoH3qvruif4D3EeOt6ODGt26nERA8kRDe6fyzxnZ2XLlqAK2z3RbcGCIgVpKTWYIZ0QTzjKLCo4_LQkfx4I4D4DbO6vUwbPrHA1NqLjX4gYvKEr8fy4X_ARmNsx8dcaGNY6HFSmA5rqKlhbYnNtrbBPtJU6CBP-hJEWhYJUGAxKqSJ_4WpKBzEB_nDKu2Sw9fs5pSXJhYo6o4sU0MOYkSzBFQI8Pejw0WIYk8Tdb8NX-po6c"}'
[Mon Sep  9 04:26:49 EDT 2019] POST
[Mon Sep  9 04:26:49 EDT 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Mon Sep  9 04:26:49 EDT 2019] body='{"protected": "eyJub25jZSI6ICIwMDAxbVoydjhlV0pfV1QyajlzY0dFakh1WjNBR1JwTld0VzM3MGVhcDhXaEROSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogIm92NXNkWi1Ua25NZXdzWExCa0s4X2NDRjU5WHUwS2xreXdSZS1UNDI1MHNTTXp0RTFDY0ZJc3BzRU53ck5oWWVZeUVoV29GRFdnZE4tSXlhOXppRU5pZmVJZ0tySlZhdnlPMTNiOGlMUW41NXRMRjhNRXVfdDlSNzJjUnpPZVRPVnVjWEFYdHU5NTBoZEF4cG9VNmt6LUl1Z1NzYXZYeW9ZX1cyRi1DWERnMWRhT2RmN2ZON3N0UVRpV05xZVdzRFFtT0o1XzZHOTJvbm05aTl4bWpncWIzMUM1Z0hiZHBkOHZnZVNyXzBteXYyNmZ6NVFORFotR2FucjNfUmd0NWtVVmFjSnN1dk5XSi1HZWJRcmZoQ0dZZDFBMzZXelVESkNKS0pTZFdZN05OWlY3ZDN5Q21KbXFBQXBoNEM0cllXVE1wTUpvU2M2SFVOZ2hnTWszblU0UG5weTFncHMzYkhUQ0RyS2JtbnRUZ25HVGVXX19MNlBldW9EX3d0azU4cEtNQkhWTU5NNjFwMWhBR3NOY3l0dGpLV1BjU21aSy1YczFaNHF6SWRrUVlHbmRseHZpa1dyRjI3UFdlcnJlVkQyQlZBUnJTYVV3cjNCUU40UXpGT3VKN1ZuaXdnMnA1NjAyVTk5eV9JZ3A4SURVTDBtdkNVcDBpQmdMdWVOUXowWW01eGFwaWMzR0xheGFaQmxhb0VQOGJwRGppckRRb0Vsd19pX09MMWw2d0xNeUtwTkNENGhBeDFuNDlGVjItTGVrWHotYTZwSUdvckRtaXlkM0FFTnlwWjBIQTdBdDRpMW9NeFJxLURSTGF4MkdVbmg3VmZnSUZIaTlRZmRRaWhEa00wTEJCNFdXd0pCdVpvZWcwUk5kdnVUWnowa1pJZS0zNDlnS1FRRzEwIn19", "payload": "eyJjb250YWN0IjogWyJtYWlsdG86IEJyb2tlbkFjbWVUZXN0QG5hcHNob21lLm5ldCJdLCAidGVybXNPZlNlcnZpY2VBZ3JlZWQiOiB0cnVlfQ", "signature": "QQtjzewmRpVd61jLJWIz2xqnZVvW_R5NdSS1jOHvf_mOhEWSn30p3rqpXrHwDCmlvxNUJq_tyUSAq-0W6XQbwTJKg9LsKaaS2w3pWUqiYT1dTWL7I_cFudcCL9-r4CCNrei9ArpCRFSZ2-vnm8AYgZJG9Bxd5c4Hp9wwjSVJ_RQlgRyYbrQVJYNfXiLjXCyUOUjJlqU0XjabA8h1pL-492fDQv9lF7-B4smolqLO0POARUZXgz7V4_neKT6KB-Z6I_rQwix-p6-VDwLpUIEiO5rm34YPzDwc5MhM73pQ4opw7iqdGSu9dKyuOg-40wpsD2NWG2zYuecakCqFTIT8f4yhTtHkKG-VTqCACZQsqx9SlJIVuVfJOf4MCnXp4xdfd_O3dvqILgGZrxmy9BEbYY-QeqH1b2ccpjqqxwVl5rcUdwwPgHJ9pVuJCzMxoH3qvruif4D3EeOt6ODGt26nERA8kRDe6fyzxnZ2XLlqAK2z3RbcGCIgVpKTWYIZ0QTzjKLCo4_LQkfx4I4D4DbO6vUwbPrHA1NqLjX4gYvKEr8fy4X_ARmNsx8dcaGNY6HFSmA5rqKlhbYnNtrbBPtJU6CBP-hJEWhYJUGAxKqSJ_4WpKBzEB_nDKu2Sw9fs5pSXJhYo6o4sU0MOYkSzBFQI8Pejw0WIYk8Tdb8NX-po6c"}'
[Mon Sep  9 04:26:49 EDT 2019] _postContentType='application/jose+json'
[Mon Sep  9 04:26:49 EDT 2019] Http already initialized.
[Mon Sep  9 04:26:49 EDT 2019] _CURL='curl -L --silent --dump-header /tmp/acme/_registerkey//http.header  -g '
[Mon Sep  9 04:28:49 EDT 2019] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 52
[Mon Sep  9 04:28:49 EDT 2019] _ret='52'
[Mon Sep  9 04:28:49 EDT 2019] responseHeaders='HTTP/1.1 100 Continue
Expires: Mon, 09 Sep 2019 08:26:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

'
[Mon Sep  9 04:28:49 EDT 2019] code='100'
[Mon Sep  9 04:28:49 EDT 2019] original
[Mon Sep  9 04:28:49 EDT 2019] response
[Mon Sep  9 04:28:49 EDT 2019] Register account Error:

      Also Output of curl -v https://acme-v02.api.letsencrypt.org/acme/new-acct seen in some places online as requested info for troubleshooting ACME/LE

      [2.4.4-RELEASE][Napsterbater@car2.napshome.local]/home/Napsterbater: curl -v https://acme-v02.api.letsencrypt.org/acme/new-acct
* Expire in 0 ms for 6 (transfer 0x803a94000)
* Expire in 1 ms for 1 (transfer 0x803a94000)
* Expire in 0 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 0 ms for 1 (transfer 0x803a94000)
* Expire in 0 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 0 ms for 1 (transfer 0x803a94000)
* Expire in 0 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 0 ms for 1 (transfer 0x803a94000)
* Expire in 0 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 0 ms for 1 (transfer 0x803a94000)
* Expire in 0 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 0 ms for 1 (transfer 0x803a94000)
* Expire in 1 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 1 ms for 1 (transfer 0x803a94000)
* Expire in 1 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 1 ms for 1 (transfer 0x803a94000)
* Expire in 1 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 1 ms for 1 (transfer 0x803a94000)
* Expire in 1 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 2 ms for 1 (transfer 0x803a94000)
* Expire in 4 ms for 1 (transfer 0x803a94000)
* Expire in 3 ms for 1 (transfer 0x803a94000)
* Expire in 3 ms for 1 (transfer 0x803a94000)
* Expire in 4 ms for 1 (transfer 0x803a94000)
* Expire in 3 ms for 1 (transfer 0x803a94000)
* Expire in 3 ms for 1 (transfer 0x803a94000)
* Expire in 4 ms for 1 (transfer 0x803a94000)
* Expire in 4 ms for 1 (transfer 0x803a94000)
* Expire in 4 ms for 1 (transfer 0x803a94000)
* Expire in 4 ms for 1 (transfer 0x803a94000)
* Expire in 4 ms for 1 (transfer 0x803a94000)
* Expire in 4 ms for 1 (transfer 0x803a94000)
* Expire in 4 ms for 1 (transfer 0x803a94000)
* Expire in 5 ms for 1 (transfer 0x803a94000)
* Expire in 5 ms for 1 (transfer 0x803a94000)
* Expire in 4 ms for 1 (transfer 0x803a94000)
* Expire in 6 ms for 1 (transfer 0x803a94000)
* Expire in 6 ms for 1 (transfer 0x803a94000)
* Expire in 8 ms for 1 (transfer 0x803a94000)
* Expire in 9 ms for 1 (transfer 0x803a94000)
* Expire in 9 ms for 1 (transfer 0x803a94000)
* Expire in 16 ms for 1 (transfer 0x803a94000)
* Expire in 12 ms for 1 (transfer 0x803a94000)
* Expire in 12 ms for 1 (transfer 0x803a94000)
* Expire in 16 ms for 1 (transfer 0x803a94000)
* Expire in 12 ms for 1 (transfer 0x803a94000)
* Expire in 12 ms for 1 (transfer 0x803a94000)
* Expire in 16 ms for 1 (transfer 0x803a94000)
* Expire in 16 ms for 1 (transfer 0x803a94000)
* Expire in 16 ms for 1 (transfer 0x803a94000)
* Expire in 16 ms for 1 (transfer 0x803a94000)
* Expire in 16 ms for 1 (transfer 0x803a94000)
* Expire in 16 ms for 1 (transfer 0x803a94000)
* Expire in 16 ms for 1 (transfer 0x803a94000)
* Expire in 50 ms for 1 (transfer 0x803a94000)
* Expire in 50 ms for 1 (transfer 0x803a94000)
* Expire in 16 ms for 1 (transfer 0x803a94000)
* Expire in 50 ms for 1 (transfer 0x803a94000)
* Expire in 50 ms for 1 (transfer 0x803a94000)
* Expire in 32 ms for 1 (transfer 0x803a94000)
* Expire in 50 ms for 1 (transfer 0x803a94000)
* Expire in 50 ms for 1 (transfer 0x803a94000)
* Expire in 64 ms for 1 (transfer 0x803a94000)
* Expire in 50 ms for 1 (transfer 0x803a94000)
* Expire in 50 ms for 1 (transfer 0x803a94000)
* Expire in 64 ms for 1 (transfer 0x803a94000)
* Expire in 50 ms for 1 (transfer 0x803a94000)
* Expire in 50 ms for 1 (transfer 0x803a94000)
* Expire in 64 ms for 1 (transfer 0x803a94000)
* Expire in 50 ms for 1 (transfer 0x803a94000)
* Expire in 50 ms for 1 (transfer 0x803a94000)
* Expire in 64 ms for 1 (transfer 0x803a94000)
* Expire in 200 ms for 1 (transfer 0x803a94000)
* Expire in 200 ms for 1 (transfer 0x803a94000)
* Expire in 64 ms for 1 (transfer 0x803a94000)
* Expire in 200 ms for 1 (transfer 0x803a94000)
* Expire in 200 ms for 1 (transfer 0x803a94000)
* Expire in 200 ms for 1 (transfer 0x803a94000)
*   Trying 2600:1402:19:39b::3a8e...
* TCP_NODELAY set
* Expire in 149760 ms for 3 (transfer 0x803a94000)
* Expire in 200 ms for 4 (transfer 0x803a94000)
* Connected to acme-v02.api.letsencrypt.org (2600:1402:19:39b::3a8e) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=acme-v02.api.letsencrypt.org
*  start date: Jul 19 04:46:54 2019 GMT
*  expire date: Oct 17 04:46:54 2019 GMT
*  subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET /acme/new-acct HTTP/1.1
> Host: acme-v02.api.letsencrypt.org
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 405 Method Not Allowed
< Server: nginx
< Content-Type: application/problem+json
< Content-Length: 103
< Allow: POST
< Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
< Expires: Mon, 09 Sep 2019 08:35:12 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Mon, 09 Sep 2019 08:35:12 GMT
< Connection: keep-alive
<
{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Method not allowed",
  "status": 405
* Connection #0 to host acme-v02.api.letsencrypt.org left intact
      1 Reply Last reply Reply Quote 0
      • kiokomanK
        kiokoman LAYER 8
        last edited by kiokoman

        @Napsterbater said in LE/Acme Register Account Key Issue.:

        https://curl.haxx.se/libcurl/c/libcurl-errors.html

        CURLE_GOT_NOTHING (52)

        Nothing was returned from the server, and under the circumstances, getting nothing is considered an error.

        i think you should check here

        _CURL='curl -L --silent --dump-header /tmp/acme/_registerkey//http.header -g '

        i don't use acme. // is it a typo ? even so it shoudn't be a problem ...

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        N 1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          Does the failing box happen to have IPv6 connectivity when the working one doesn't? I have seen a similar failure in the past, but not consistently, when trying to contact LE over IPv6. Setting the firewall to prefer IPv4 seemed to get it past that point.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          N 1 Reply Last reply Reply Quote 0
          • N
            Napsterbater @jimp
            last edited by Napsterbater

            @jimp said in LE/Acme Register Account Key Issue.:

            Does the failing box happen to have IPv6 connectivity when the working one doesn't? I have seen a similar failure in the past, but not consistently, when trying to contact LE over IPv6. Setting the firewall to prefer IPv4 seemed to get it past that point.

            No, both use/prefer IPv6. Though as a test I might try that.

            Though I don't believe that should matter since the output from curl -v seems to show working IPV6 connectivity.

            Edit: and thinking about it you might have gaven me something to go on. I'm going to try and double check IPv6 PMTUD for that box/network as well when I get home.

            N 1 Reply Last reply Reply Quote 0
            • N
              Napsterbater @kiokoman
              last edited by

              @kiokoman said in LE/Acme Register Account Key Issue.:

              @Napsterbater said in LE/Acme Register Account Key Issue.:

              https://curl.haxx.se/libcurl/c/libcurl-errors.html

              CURLE_GOT_NOTHING (52)

              Nothing was returned from the server, and under the circumstances, getting nothing is considered an error.

              i think you should check here

              _CURL='curl -L --silent --dump-header /tmp/acme/_registerkey//http.header -g '

              i don't use acme. // is it a typo ? even so it shoudn't be a problem ...

              I saw that site and the explanation for that error code but that exact line shows in the working one as well and it doesn't seem to have any problems with it. Though I might actually check that file when I get home. I did not do that.

              1 Reply Last reply Reply Quote 0
              • N
                Napsterbater @Napsterbater
                last edited by Napsterbater

                So I do think it is going to be a IPv6 PMTUD issue based on running this from SSH

                curl "http://mtu1280.vm1.test-ipv6.com/ip/?callback=?&size=1600&fill=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&testdomain=test-ipv6.com&testname=test_v6mtu"

                On the broken box does not work you just get

                curl: (52) Empty reply from server

                yet works fins on the working box, and of course that is the error seen in the above log.

                Got that link/test from http://test-ipv6.com/

                Strange thing is systems behind it have no PMTUD issue.

                But I am confident its not an ACME/LE issue at this point. Ill dive deeper at the end of the week.

                Thanks for sparking the idea to check that.

                N 1 Reply Last reply Reply Quote 0
                • N
                  Napsterbater @Napsterbater
                  last edited by

                  @Napsterbater So I confirmed via packet caps it was a broken PMTUD issue on the Broken box, seems related to NPt, but that is another story.

                  Thanks for the help.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.