LE/Acme Register Account Key Issue.



  • I have 1 of 2 Pfsense boxes on 2.4.4.p3 with ACME 0.6.2.

    Both use the same account key and both register the same two domains, been setup for over a year.

    Now all of the sudden 1 of the boxes is having trouble renewing the two certs.

    Digging further it seems it's getting hung up on the Registering the Account key portion, at least that is what it looks like to me.

    As a test I created a new dummy key and email on the problem box, the output of the log is below, which looks identical to when I try to renew the real certs with the real key.

    I even forced the problem box to request from a different IP/Block.

    I have also forced reinstalled ACME and rebooted the box.

    Anyone have any ideas?

    /tmp/acme/_registerkey/acme_issuecert.log

    [Mon Sep  9 04:26:46 EDT 2019] readlink exists=0
    [Mon Sep  9 04:26:46 EDT 2019] dirname exists=0
    [Mon Sep  9 04:26:46 EDT 2019] Lets find script dir.
    [Mon Sep  9 04:26:46 EDT 2019] _SCRIPT_='/usr/local/pkg/acme/acme.sh'
    [Mon Sep  9 04:26:46 EDT 2019] _script='/usr/local/pkg/acme/acme.sh'
    [Mon Sep  9 04:26:46 EDT 2019] _script_home='/usr/local/pkg/acme'
    [Mon Sep  9 04:26:46 EDT 2019] Using config home:/tmp/acme/_registerkey/
    [Mon Sep  9 04:26:46 EDT 2019] APP
    [Mon Sep  9 04:26:46 EDT 2019] 3:LOG_FILE='/tmp/acme/_registerkey/acme_issuecert.log'
    [Mon Sep  9 04:26:46 EDT 2019] APP
    [Mon Sep  9 04:26:46 EDT 2019] 4:LOG_LEVEL='3'
    [Mon Sep  9 04:26:46 EDT 2019] LE_WORKING_DIR='/tmp/acme/_registerkey/'
    [Mon Sep  9 04:26:46 EDT 2019] Running cmd: registeraccount
    [Mon Sep  9 04:26:46 EDT 2019] Using config home:/tmp/acme/_registerkey/
    [Mon Sep  9 04:26:46 EDT 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
    [Mon Sep  9 04:26:46 EDT 2019] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
    [Mon Sep  9 04:26:46 EDT 2019] CA_CONF='/tmp/acme/_registerkey//ca/acme-staging-v02.api.letsencrypt.org/ca.conf'
    [Mon Sep  9 04:26:46 EDT 2019] Using config home:/tmp/acme/_registerkey/
    [Mon Sep  9 04:26:46 EDT 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
    [Mon Sep  9 04:26:46 EDT 2019] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
    [Mon Sep  9 04:26:46 EDT 2019] CA_CONF='/tmp/acme/_registerkey//ca/acme-staging-v02.api.letsencrypt.org/ca.conf'
    [Mon Sep  9 04:26:46 EDT 2019] _regAccount
    [Mon Sep  9 04:26:46 EDT 2019] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
    [Mon Sep  9 04:26:46 EDT 2019] GET
    [Mon Sep  9 04:26:46 EDT 2019] url='https://acme-staging-v02.api.letsencrypt.org/directory'
    [Mon Sep  9 04:26:46 EDT 2019] timeout=
    [Mon Sep  9 04:26:46 EDT 2019] curl exists=0
    [Mon Sep  9 04:26:46 EDT 2019] wget exists=127
    [Mon Sep  9 04:26:46 EDT 2019] _CURL='curl -L --silent --dump-header /tmp/acme/_registerkey//http.header  -g '
    [Mon Sep  9 04:26:46 EDT 2019] ret='0'
    [Mon Sep  9 04:26:46 EDT 2019] response='{
      "SPujjmW0Pzw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
      "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
      "meta": {
        "caaIdentities": [
          "letsencrypt.org"
        ],
        "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
        "website": "https://letsencrypt.org/docs/staging-environment/"
      },
      "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
      "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
      "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
      "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
    }'
    [Mon Sep  9 04:26:47 EDT 2019] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
    [Mon Sep  9 04:26:47 EDT 2019] ACME_NEW_AUTHZ
    [Mon Sep  9 04:26:47 EDT 2019] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
    [Mon Sep  9 04:26:47 EDT 2019] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
    [Mon Sep  9 04:26:47 EDT 2019] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
    [Mon Sep  9 04:26:47 EDT 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
    [Mon Sep  9 04:26:47 EDT 2019] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
    [Mon Sep  9 04:26:47 EDT 2019] ACME_VERSION='2'
    [Mon Sep  9 04:26:47 EDT 2019] RSA key
    [Mon Sep  9 04:26:47 EDT 2019] pub_exp='010001'
    [Mon Sep  9 04:26:47 EDT 2019] base64 single line.[Mon Sep  9 04:26:47 EDT 2019] 
    xxd exists=127
    [Mon Sep  9 04:26:47 EDT 2019] _URGLY_PRINTF='1'
    [Mon Sep  9 04:26:47 EDT 2019] e='AQAB'
    [Mon Sep  9 04:26:47 EDT 2019] modulus='A2FE6C759F9392731EC2C5CB0642BCFDC085E7D5EED0A964CB045EF93E36E74B12333B44D4270522CA6C10DC2B36161E6321215A81435A074DF88C9AF738843627DE2202AB2556AFC8ED776FC88B427E79B4B17C304BBFB7D47BD9C47339E4CE56E717017B6EF79D21740C69A14EA4CFE22E812B1ABD7CA863F5B617E0970E0D5D68E75FEDF37BB2D41389636A796B03426389E7FE86F76A279BD8BDC668E0A9BDF50B98076DDA5DF2F81E4ABFF49B2BF6E9FCF940D0D9F866A7AF7FD182DE6451569C26CBAF35627E19E6D0ADF842198775037E96CD40C908928949D598ECD35957B777C829899AA000A61E02E2B6164CCA4C26849CE8750D82180C9379D4E0F9E9CB5829B376C74C20EB29B9A7B53827193796FFF2FA3DEBA80FFC2D939F2928C04754C34CEB5A758401AC35CCADB632963DC4A664AF97B35678AB321D9106069DD971BE2916AC5DBB3D67ABADE543D8154046B49A530AF705037843314EB89ED59E2C20DA9E7AD3653DF72FC8829F080D42F49AF094A7488180BB9E350CF4626E716A989CDC62DAC5A64195AA043FC6E90E38AB0D0A04970FE2FCE2F597AC0B3322A93420F8840C759F8F45576F8B7A45F3F9AEA9206A2B0E68B2777004372A59D0703B02DE22D6833146AF8344B6B1D8652787B55F8081478BD41F7508A10E43342C1078596C0906E6687A0D1135DBEE4D9CF491921EFB7E3D80A4101B5D'
    [Mon Sep  9 04:26:47 EDT 2019] base64 single line.
    [Mon Sep  9 04:26:47 EDT 2019] xxd exists=127
    [Mon Sep  9 04:26:47 EDT 2019] _URGLY_PRINTF='1'
    [Mon Sep  9 04:26:48 EDT 2019] n='ov5sdZ-TknMewsXLBkK8_cCF59Xu0KlkywRe-T4250sSMztE1CcFIspsENwrNhYeYyEhWoFDWgdN-Iya9ziENifeIgKrJVavyO13b8iLQn55tLF8MEu_t9R72cRzOeTOVucXAXtu950hdAxpoU6kz-IugSsavXyoY_W2F-CXDg1daOdf7fN7stQTiWNqeWsDQmOJ5_6G92onm9i9xmjgqb31C5gHbdpd8vgeSr_0myv26fz5QNDZ-Ganr3_Rgt5kUVacJsuvNWJ-GebQrfhCGYd1A36WzUDJCJKJSdWY7NNZV7d3yCmJmqAAph4C4rYWTMpMJoSc6HUNghgMk3nU4Pnpy1gps3bHTCDrKbmntTgnGTeW__L6PeuoD_wtk58pKMBHVMNM61p1hAGsNcyttjKWPcSmZK-Xs1Z4qzIdkQYGndlxvikWrF27PWerreVD2BVARrSaUwr3BQN4QzFOuJ7Vniwg2p5602U99y_Igp8IDUL0mvCUp0iBgLueNQz0Ym5xapic3GLaxaZBlaoEP8bpDjirDQoElw_i_OL1l6wLMyKpNCD4hAx1n49FV2-LekXz-a6pIGorDmiyd3AENypZ0HA7At4i1oMxRq-DRLax2GUnh7VfgIFHi9QfdQihDkM0LBB4WWwJBuZoeg0RNdvuTZz0kZIe-349gKQQG10'
    [Mon Sep  9 04:26:48 EDT 2019] jwk='{"e": "AQAB", "kty": "RSA", "n": "ov5sdZ-TknMewsXLBkK8_cCF59Xu0KlkywRe-T4250sSMztE1CcFIspsENwrNhYeYyEhWoFDWgdN-Iya9ziENifeIgKrJVavyO13b8iLQn55tLF8MEu_t9R72cRzOeTOVucXAXtu950hdAxpoU6kz-IugSsavXyoY_W2F-CXDg1daOdf7fN7stQTiWNqeWsDQmOJ5_6G92onm9i9xmjgqb31C5gHbdpd8vgeSr_0myv26fz5QNDZ-Ganr3_Rgt5kUVacJsuvNWJ-GebQrfhCGYd1A36WzUDJCJKJSdWY7NNZV7d3yCmJmqAAph4C4rYWTMpMJoSc6HUNghgMk3nU4Pnpy1gps3bHTCDrKbmntTgnGTeW__L6PeuoD_wtk58pKMBHVMNM61p1hAGsNcyttjKWPcSmZK-Xs1Z4qzIdkQYGndlxvikWrF27PWerreVD2BVARrSaUwr3BQN4QzFOuJ7Vniwg2p5602U99y_Igp8IDUL0mvCUp0iBgLueNQz0Ym5xapic3GLaxaZBlaoEP8bpDjirDQoElw_i_OL1l6wLMyKpNCD4hAx1n49FV2-LekXz-a6pIGorDmiyd3AENypZ0HA7At4i1oMxRq-DRLax2GUnh7VfgIFHi9QfdQihDkM0LBB4WWwJBuZoeg0RNdvuTZz0kZIe-349gKQQG10"}'
    [Mon Sep  9 04:26:48 EDT 2019] JWK_HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "ov5sdZ-TknMewsXLBkK8_cCF59Xu0KlkywRe-T4250sSMztE1CcFIspsENwrNhYeYyEhWoFDWgdN-Iya9ziENifeIgKrJVavyO13b8iLQn55tLF8MEu_t9R72cRzOeTOVucXAXtu950hdAxpoU6kz-IugSsavXyoY_W2F-CXDg1daOdf7fN7stQTiWNqeWsDQmOJ5_6G92onm9i9xmjgqb31C5gHbdpd8vgeSr_0myv26fz5QNDZ-Ganr3_Rgt5kUVacJsuvNWJ-GebQrfhCGYd1A36WzUDJCJKJSdWY7NNZV7d3yCmJmqAAph4C4rYWTMpMJoSc6HUNghgMk3nU4Pnpy1gps3bHTCDrKbmntTgnGTeW__L6PeuoD_wtk58pKMBHVMNM61p1hAGsNcyttjKWPcSmZK-Xs1Z4qzIdkQYGndlxvikWrF27PWerreVD2BVARrSaUwr3BQN4QzFOuJ7Vniwg2p5602U99y_Igp8IDUL0mvCUp0iBgLueNQz0Ym5xapic3GLaxaZBlaoEP8bpDjirDQoElw_i_OL1l6wLMyKpNCD4hAx1n49FV2-LekXz-a6pIGorDmiyd3AENypZ0HA7At4i1oMxRq-DRLax2GUnh7VfgIFHi9QfdQihDkM0LBB4WWwJBuZoeg0RNdvuTZz0kZIe-349gKQQG10"}}'
    [Mon Sep  9 04:26:48 EDT 2019] Registering account
    [Mon Sep  9 04:26:48 EDT 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
    [Mon Sep  9 04:26:48 EDT 2019] payload='{"contact": ["mailto: BrokenAcmeTest@napshome.net"], "termsOfServiceAgreed": true}'
    [Mon Sep  9 04:26:48 EDT 2019] Use cached jwk for file: /tmp/acme/_registerkey//ca/acme-staging-v02.api.letsencrypt.org/account.key
    [Mon Sep  9 04:26:48 EDT 2019] base64 single line.
    [Mon Sep  9 04:26:48 EDT 2019] payload64='eyJjb250YWN0IjogWyJtYWlsdG86IEJyb2tlbkFjbWVUZXN0QG5hcHNob21lLm5ldCJdLCAidGVybXNPZlNlcnZpY2VBZ3JlZWQiOiB0cnVlfQ'
    [Mon Sep  9 04:26:48 EDT 2019] _request_retry_times='1'
    [Mon Sep  9 04:26:48 EDT 2019] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
    [Mon Sep  9 04:26:48 EDT 2019] HEAD
    [Mon Sep  9 04:26:48 EDT 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
    [Mon Sep  9 04:26:48 EDT 2019] body
    [Mon Sep  9 04:26:48 EDT 2019] _postContentType='application/jose+json'
    [Mon Sep  9 04:26:48 EDT 2019] curl exists=0
    [Mon Sep  9 04:26:48 EDT 2019] wget exists=127
    [Mon Sep  9 04:26:48 EDT 2019] _CURL='curl -L --silent --dump-header /tmp/acme/_registerkey//http.header  -g '
    [Mon Sep  9 04:26:49 EDT 2019] _ret='0'
    [Mon Sep  9 04:26:49 EDT 2019] _headers='HTTP/1.1 200 OK
    Server: nginx
    Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0001mZ2v8eWJ_WT2j9scGEjHuZ3AGRpNWtW370eap8WhDNI
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Content-Length: 0
    Expires: Mon, 09 Sep 2019 08:26:49 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Mon, 09 Sep 2019 08:26:49 GMT
    Connection: keep-alive
    
    '
    [Mon Sep  9 04:26:49 EDT 2019] _CACHED_NONCE='0001mZ2v8eWJ_WT2j9scGEjHuZ3AGRpNWtW370eap8WhDNI'
    [Mon Sep  9 04:26:49 EDT 2019] nonce='0001mZ2v8eWJ_WT2j9scGEjHuZ3AGRpNWtW370eap8WhDNI'
    [Mon Sep  9 04:26:49 EDT 2019] protected='{"nonce": "0001mZ2v8eWJ_WT2j9scGEjHuZ3AGRpNWtW370eap8WhDNI", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "ov5sdZ-TknMewsXLBkK8_cCF59Xu0KlkywRe-T4250sSMztE1CcFIspsENwrNhYeYyEhWoFDWgdN-Iya9ziENifeIgKrJVavyO13b8iLQn55tLF8MEu_t9R72cRzOeTOVucXAXtu950hdAxpoU6kz-IugSsavXyoY_W2F-CXDg1daOdf7fN7stQTiWNqeWsDQmOJ5_6G92onm9i9xmjgqb31C5gHbdpd8vgeSr_0myv26fz5QNDZ-Ganr3_Rgt5kUVacJsuvNWJ-GebQrfhCGYd1A36WzUDJCJKJSdWY7NNZV7d3yCmJmqAAph4C4rYWTMpMJoSc6HUNghgMk3nU4Pnpy1gps3bHTCDrKbmntTgnGTeW__L6PeuoD_wtk58pKMBHVMNM61p1hAGsNcyttjKWPcSmZK-Xs1Z4qzIdkQYGndlxvikWrF27PWerreVD2BVARrSaUwr3BQN4QzFOuJ7Vniwg2p5602U99y_Igp8IDUL0mvCUp0iBgLueNQz0Ym5xapic3GLaxaZBlaoEP8bpDjirDQoElw_i_OL1l6wLMyKpNCD4hAx1n49FV2-LekXz-a6pIGorDmiyd3AENypZ0HA7At4i1oMxRq-DRLax2GUnh7VfgIFHi9QfdQihDkM0LBB4WWwJBuZoeg0RNdvuTZz0kZIe-349gKQQG10"}}'
    [Mon Sep  9 04:26:49 EDT 2019] base64 single line.
    [Mon Sep  9 04:26:49 EDT 2019] protected64='eyJub25jZSI6ICIwMDAxbVoydjhlV0pfV1QyajlzY0dFakh1WjNBR1JwTld0VzM3MGVhcDhXaEROSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogIm92NXNkWi1Ua25NZXdzWExCa0s4X2NDRjU5WHUwS2xreXdSZS1UNDI1MHNTTXp0RTFDY0ZJc3BzRU53ck5oWWVZeUVoV29GRFdnZE4tSXlhOXppRU5pZmVJZ0tySlZhdnlPMTNiOGlMUW41NXRMRjhNRXVfdDlSNzJjUnpPZVRPVnVjWEFYdHU5NTBoZEF4cG9VNmt6LUl1Z1NzYXZYeW9ZX1cyRi1DWERnMWRhT2RmN2ZON3N0UVRpV05xZVdzRFFtT0o1XzZHOTJvbm05aTl4bWpncWIzMUM1Z0hiZHBkOHZnZVNyXzBteXYyNmZ6NVFORFotR2FucjNfUmd0NWtVVmFjSnN1dk5XSi1HZWJRcmZoQ0dZZDFBMzZXelVESkNKS0pTZFdZN05OWlY3ZDN5Q21KbXFBQXBoNEM0cllXVE1wTUpvU2M2SFVOZ2hnTWszblU0UG5weTFncHMzYkhUQ0RyS2JtbnRUZ25HVGVXX19MNlBldW9EX3d0azU4cEtNQkhWTU5NNjFwMWhBR3NOY3l0dGpLV1BjU21aSy1YczFaNHF6SWRrUVlHbmRseHZpa1dyRjI3UFdlcnJlVkQyQlZBUnJTYVV3cjNCUU40UXpGT3VKN1ZuaXdnMnA1NjAyVTk5eV9JZ3A4SURVTDBtdkNVcDBpQmdMdWVOUXowWW01eGFwaWMzR0xheGFaQmxhb0VQOGJwRGppckRRb0Vsd19pX09MMWw2d0xNeUtwTkNENGhBeDFuNDlGVjItTGVrWHotYTZwSUdvckRtaXlkM0FFTnlwWjBIQTdBdDRpMW9NeFJxLURSTGF4MkdVbmg3VmZnSUZIaTlRZmRRaWhEa00wTEJCNFdXd0pCdVpvZWcwUk5kdnVUWnowa1pJZS0zNDlnS1FRRzEwIn19'
    [Mon Sep  9 04:26:49 EDT 2019] base64 single line.
    [Mon Sep  9 04:26:49 EDT 2019] _sig_t='QQtjzewmRpVd61jLJWIz2xqnZVvW/R5NdSS1jOHvf/mOhEWSn30p3rqpXrHwDCmlvxNUJq/tyUSAq+0W6XQbwTJKg9LsKaaS2w3pWUqiYT1dTWL7I/cFudcCL9+r4CCNrei9ArpCRFSZ2+vnm8AYgZJG9Bxd5c4Hp9wwjSVJ/RQlgRyYbrQVJYNfXiLjXCyUOUjJlqU0XjabA8h1pL+492fDQv9lF7+B4smolqLO0POARUZXgz7V4/neKT6KB+Z6I/rQwix+p6+VDwLpUIEiO5rm34YPzDwc5MhM73pQ4opw7iqdGSu9dKyuOg+40wpsD2NWG2zYuecakCqFTIT8f4yhTtHkKG+VTqCACZQsqx9SlJIVuVfJOf4MCnXp4xdfd/O3dvqILgGZrxmy9BEbYY+QeqH1b2ccpjqqxwVl5rcUdwwPgHJ9pVuJCzMxoH3qvruif4D3EeOt6ODGt26nERA8kRDe6fyzxnZ2XLlqAK2z3RbcGCIgVpKTWYIZ0QTzjKLCo4/LQkfx4I4D4DbO6vUwbPrHA1NqLjX4gYvKEr8fy4X/ARmNsx8dcaGNY6HFSmA5rqKlhbYnNtrbBPtJU6CBP+hJEWhYJUGAxKqSJ/4WpKBzEB/nDKu2Sw9fs5pSXJhYo6o4sU0MOYkSzBFQI8Pejw0WIYk8Tdb8NX+po6c='
    [Mon Sep  9 04:26:49 EDT 2019] sig='QQtjzewmRpVd61jLJWIz2xqnZVvW_R5NdSS1jOHvf_mOhEWSn30p3rqpXrHwDCmlvxNUJq_tyUSAq-0W6XQbwTJKg9LsKaaS2w3pWUqiYT1dTWL7I_cFudcCL9-r4CCNrei9ArpCRFSZ2-vnm8AYgZJG9Bxd5c4Hp9wwjSVJ_RQlgRyYbrQVJYNfXiLjXCyUOUjJlqU0XjabA8h1pL-492fDQv9lF7-B4smolqLO0POARUZXgz7V4_neKT6KB-Z6I_rQwix-p6-VDwLpUIEiO5rm34YPzDwc5MhM73pQ4opw7iqdGSu9dKyuOg-40wpsD2NWG2zYuecakCqFTIT8f4yhTtHkKG-VTqCACZQsqx9SlJIVuVfJOf4MCnXp4xdfd_O3dvqILgGZrxmy9BEbYY-QeqH1b2ccpjqqxwVl5rcUdwwPgHJ9pVuJCzMxoH3qvruif4D3EeOt6ODGt26nERA8kRDe6fyzxnZ2XLlqAK2z3RbcGCIgVpKTWYIZ0QTzjKLCo4_LQkfx4I4D4DbO6vUwbPrHA1NqLjX4gYvKEr8fy4X_ARmNsx8dcaGNY6HFSmA5rqKlhbYnNtrbBPtJU6CBP-hJEWhYJUGAxKqSJ_4WpKBzEB_nDKu2Sw9fs5pSXJhYo6o4sU0MOYkSzBFQI8Pejw0WIYk8Tdb8NX-po6c'
    [Mon Sep  9 04:26:49 EDT 2019] body='{"protected": "eyJub25jZSI6ICIwMDAxbVoydjhlV0pfV1QyajlzY0dFakh1WjNBR1JwTld0VzM3MGVhcDhXaEROSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogIm92NXNkWi1Ua25NZXdzWExCa0s4X2NDRjU5WHUwS2xreXdSZS1UNDI1MHNTTXp0RTFDY0ZJc3BzRU53ck5oWWVZeUVoV29GRFdnZE4tSXlhOXppRU5pZmVJZ0tySlZhdnlPMTNiOGlMUW41NXRMRjhNRXVfdDlSNzJjUnpPZVRPVnVjWEFYdHU5NTBoZEF4cG9VNmt6LUl1Z1NzYXZYeW9ZX1cyRi1DWERnMWRhT2RmN2ZON3N0UVRpV05xZVdzRFFtT0o1XzZHOTJvbm05aTl4bWpncWIzMUM1Z0hiZHBkOHZnZVNyXzBteXYyNmZ6NVFORFotR2FucjNfUmd0NWtVVmFjSnN1dk5XSi1HZWJRcmZoQ0dZZDFBMzZXelVESkNKS0pTZFdZN05OWlY3ZDN5Q21KbXFBQXBoNEM0cllXVE1wTUpvU2M2SFVOZ2hnTWszblU0UG5weTFncHMzYkhUQ0RyS2JtbnRUZ25HVGVXX19MNlBldW9EX3d0azU4cEtNQkhWTU5NNjFwMWhBR3NOY3l0dGpLV1BjU21aSy1YczFaNHF6SWRrUVlHbmRseHZpa1dyRjI3UFdlcnJlVkQyQlZBUnJTYVV3cjNCUU40UXpGT3VKN1ZuaXdnMnA1NjAyVTk5eV9JZ3A4SURVTDBtdkNVcDBpQmdMdWVOUXowWW01eGFwaWMzR0xheGFaQmxhb0VQOGJwRGppckRRb0Vsd19pX09MMWw2d0xNeUtwTkNENGhBeDFuNDlGVjItTGVrWHotYTZwSUdvckRtaXlkM0FFTnlwWjBIQTdBdDRpMW9NeFJxLURSTGF4MkdVbmg3VmZnSUZIaTlRZmRRaWhEa00wTEJCNFdXd0pCdVpvZWcwUk5kdnVUWnowa1pJZS0zNDlnS1FRRzEwIn19", "payload": "eyJjb250YWN0IjogWyJtYWlsdG86IEJyb2tlbkFjbWVUZXN0QG5hcHNob21lLm5ldCJdLCAidGVybXNPZlNlcnZpY2VBZ3JlZWQiOiB0cnVlfQ", "signature": "QQtjzewmRpVd61jLJWIz2xqnZVvW_R5NdSS1jOHvf_mOhEWSn30p3rqpXrHwDCmlvxNUJq_tyUSAq-0W6XQbwTJKg9LsKaaS2w3pWUqiYT1dTWL7I_cFudcCL9-r4CCNrei9ArpCRFSZ2-vnm8AYgZJG9Bxd5c4Hp9wwjSVJ_RQlgRyYbrQVJYNfXiLjXCyUOUjJlqU0XjabA8h1pL-492fDQv9lF7-B4smolqLO0POARUZXgz7V4_neKT6KB-Z6I_rQwix-p6-VDwLpUIEiO5rm34YPzDwc5MhM73pQ4opw7iqdGSu9dKyuOg-40wpsD2NWG2zYuecakCqFTIT8f4yhTtHkKG-VTqCACZQsqx9SlJIVuVfJOf4MCnXp4xdfd_O3dvqILgGZrxmy9BEbYY-QeqH1b2ccpjqqxwVl5rcUdwwPgHJ9pVuJCzMxoH3qvruif4D3EeOt6ODGt26nERA8kRDe6fyzxnZ2XLlqAK2z3RbcGCIgVpKTWYIZ0QTzjKLCo4_LQkfx4I4D4DbO6vUwbPrHA1NqLjX4gYvKEr8fy4X_ARmNsx8dcaGNY6HFSmA5rqKlhbYnNtrbBPtJU6CBP-hJEWhYJUGAxKqSJ_4WpKBzEB_nDKu2Sw9fs5pSXJhYo6o4sU0MOYkSzBFQI8Pejw0WIYk8Tdb8NX-po6c"}'
    [Mon Sep  9 04:26:49 EDT 2019] POST
    [Mon Sep  9 04:26:49 EDT 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
    [Mon Sep  9 04:26:49 EDT 2019] body='{"protected": "eyJub25jZSI6ICIwMDAxbVoydjhlV0pfV1QyajlzY0dFakh1WjNBR1JwTld0VzM3MGVhcDhXaEROSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogIm92NXNkWi1Ua25NZXdzWExCa0s4X2NDRjU5WHUwS2xreXdSZS1UNDI1MHNTTXp0RTFDY0ZJc3BzRU53ck5oWWVZeUVoV29GRFdnZE4tSXlhOXppRU5pZmVJZ0tySlZhdnlPMTNiOGlMUW41NXRMRjhNRXVfdDlSNzJjUnpPZVRPVnVjWEFYdHU5NTBoZEF4cG9VNmt6LUl1Z1NzYXZYeW9ZX1cyRi1DWERnMWRhT2RmN2ZON3N0UVRpV05xZVdzRFFtT0o1XzZHOTJvbm05aTl4bWpncWIzMUM1Z0hiZHBkOHZnZVNyXzBteXYyNmZ6NVFORFotR2FucjNfUmd0NWtVVmFjSnN1dk5XSi1HZWJRcmZoQ0dZZDFBMzZXelVESkNKS0pTZFdZN05OWlY3ZDN5Q21KbXFBQXBoNEM0cllXVE1wTUpvU2M2SFVOZ2hnTWszblU0UG5weTFncHMzYkhUQ0RyS2JtbnRUZ25HVGVXX19MNlBldW9EX3d0azU4cEtNQkhWTU5NNjFwMWhBR3NOY3l0dGpLV1BjU21aSy1YczFaNHF6SWRrUVlHbmRseHZpa1dyRjI3UFdlcnJlVkQyQlZBUnJTYVV3cjNCUU40UXpGT3VKN1ZuaXdnMnA1NjAyVTk5eV9JZ3A4SURVTDBtdkNVcDBpQmdMdWVOUXowWW01eGFwaWMzR0xheGFaQmxhb0VQOGJwRGppckRRb0Vsd19pX09MMWw2d0xNeUtwTkNENGhBeDFuNDlGVjItTGVrWHotYTZwSUdvckRtaXlkM0FFTnlwWjBIQTdBdDRpMW9NeFJxLURSTGF4MkdVbmg3VmZnSUZIaTlRZmRRaWhEa00wTEJCNFdXd0pCdVpvZWcwUk5kdnVUWnowa1pJZS0zNDlnS1FRRzEwIn19", "payload": "eyJjb250YWN0IjogWyJtYWlsdG86IEJyb2tlbkFjbWVUZXN0QG5hcHNob21lLm5ldCJdLCAidGVybXNPZlNlcnZpY2VBZ3JlZWQiOiB0cnVlfQ", "signature": "QQtjzewmRpVd61jLJWIz2xqnZVvW_R5NdSS1jOHvf_mOhEWSn30p3rqpXrHwDCmlvxNUJq_tyUSAq-0W6XQbwTJKg9LsKaaS2w3pWUqiYT1dTWL7I_cFudcCL9-r4CCNrei9ArpCRFSZ2-vnm8AYgZJG9Bxd5c4Hp9wwjSVJ_RQlgRyYbrQVJYNfXiLjXCyUOUjJlqU0XjabA8h1pL-492fDQv9lF7-B4smolqLO0POARUZXgz7V4_neKT6KB-Z6I_rQwix-p6-VDwLpUIEiO5rm34YPzDwc5MhM73pQ4opw7iqdGSu9dKyuOg-40wpsD2NWG2zYuecakCqFTIT8f4yhTtHkKG-VTqCACZQsqx9SlJIVuVfJOf4MCnXp4xdfd_O3dvqILgGZrxmy9BEbYY-QeqH1b2ccpjqqxwVl5rcUdwwPgHJ9pVuJCzMxoH3qvruif4D3EeOt6ODGt26nERA8kRDe6fyzxnZ2XLlqAK2z3RbcGCIgVpKTWYIZ0QTzjKLCo4_LQkfx4I4D4DbO6vUwbPrHA1NqLjX4gYvKEr8fy4X_ARmNsx8dcaGNY6HFSmA5rqKlhbYnNtrbBPtJU6CBP-hJEWhYJUGAxKqSJ_4WpKBzEB_nDKu2Sw9fs5pSXJhYo6o4sU0MOYkSzBFQI8Pejw0WIYk8Tdb8NX-po6c"}'
    [Mon Sep  9 04:26:49 EDT 2019] _postContentType='application/jose+json'
    [Mon Sep  9 04:26:49 EDT 2019] Http already initialized.
    [Mon Sep  9 04:26:49 EDT 2019] _CURL='curl -L --silent --dump-header /tmp/acme/_registerkey//http.header  -g '
    [Mon Sep  9 04:28:49 EDT 2019] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 52
    [Mon Sep  9 04:28:49 EDT 2019] _ret='52'
    [Mon Sep  9 04:28:49 EDT 2019] responseHeaders='HTTP/1.1 100 Continue
    Expires: Mon, 09 Sep 2019 08:26:49 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    
    '
    [Mon Sep  9 04:28:49 EDT 2019] code='100'
    [Mon Sep  9 04:28:49 EDT 2019] original
    [Mon Sep  9 04:28:49 EDT 2019] response
    [Mon Sep  9 04:28:49 EDT 2019] Register account Error: 
    
    

    Also Output of curl -v https://acme-v02.api.letsencrypt.org/acme/new-acct seen in some places online as requested info for troubleshooting ACME/LE

    [2.4.4-RELEASE][Napsterbater@car2.napshome.local]/home/Napsterbater: curl -v https://acme-v02.api.letsencrypt.org/acme/new-acct
    * Expire in 0 ms for 6 (transfer 0x803a94000)
    * Expire in 1 ms for 1 (transfer 0x803a94000)
    * Expire in 0 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 0 ms for 1 (transfer 0x803a94000)
    * Expire in 0 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 0 ms for 1 (transfer 0x803a94000)
    * Expire in 0 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 0 ms for 1 (transfer 0x803a94000)
    * Expire in 0 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 0 ms for 1 (transfer 0x803a94000)
    * Expire in 0 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 0 ms for 1 (transfer 0x803a94000)
    * Expire in 1 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 1 ms for 1 (transfer 0x803a94000)
    * Expire in 1 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 1 ms for 1 (transfer 0x803a94000)
    * Expire in 1 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 1 ms for 1 (transfer 0x803a94000)
    * Expire in 1 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 2 ms for 1 (transfer 0x803a94000)
    * Expire in 4 ms for 1 (transfer 0x803a94000)
    * Expire in 3 ms for 1 (transfer 0x803a94000)
    * Expire in 3 ms for 1 (transfer 0x803a94000)
    * Expire in 4 ms for 1 (transfer 0x803a94000)
    * Expire in 3 ms for 1 (transfer 0x803a94000)
    * Expire in 3 ms for 1 (transfer 0x803a94000)
    * Expire in 4 ms for 1 (transfer 0x803a94000)
    * Expire in 4 ms for 1 (transfer 0x803a94000)
    * Expire in 4 ms for 1 (transfer 0x803a94000)
    * Expire in 4 ms for 1 (transfer 0x803a94000)
    * Expire in 4 ms for 1 (transfer 0x803a94000)
    * Expire in 4 ms for 1 (transfer 0x803a94000)
    * Expire in 4 ms for 1 (transfer 0x803a94000)
    * Expire in 5 ms for 1 (transfer 0x803a94000)
    * Expire in 5 ms for 1 (transfer 0x803a94000)
    * Expire in 4 ms for 1 (transfer 0x803a94000)
    * Expire in 6 ms for 1 (transfer 0x803a94000)
    * Expire in 6 ms for 1 (transfer 0x803a94000)
    * Expire in 8 ms for 1 (transfer 0x803a94000)
    * Expire in 9 ms for 1 (transfer 0x803a94000)
    * Expire in 9 ms for 1 (transfer 0x803a94000)
    * Expire in 16 ms for 1 (transfer 0x803a94000)
    * Expire in 12 ms for 1 (transfer 0x803a94000)
    * Expire in 12 ms for 1 (transfer 0x803a94000)
    * Expire in 16 ms for 1 (transfer 0x803a94000)
    * Expire in 12 ms for 1 (transfer 0x803a94000)
    * Expire in 12 ms for 1 (transfer 0x803a94000)
    * Expire in 16 ms for 1 (transfer 0x803a94000)
    * Expire in 16 ms for 1 (transfer 0x803a94000)
    * Expire in 16 ms for 1 (transfer 0x803a94000)
    * Expire in 16 ms for 1 (transfer 0x803a94000)
    * Expire in 16 ms for 1 (transfer 0x803a94000)
    * Expire in 16 ms for 1 (transfer 0x803a94000)
    * Expire in 16 ms for 1 (transfer 0x803a94000)
    * Expire in 50 ms for 1 (transfer 0x803a94000)
    * Expire in 50 ms for 1 (transfer 0x803a94000)
    * Expire in 16 ms for 1 (transfer 0x803a94000)
    * Expire in 50 ms for 1 (transfer 0x803a94000)
    * Expire in 50 ms for 1 (transfer 0x803a94000)
    * Expire in 32 ms for 1 (transfer 0x803a94000)
    * Expire in 50 ms for 1 (transfer 0x803a94000)
    * Expire in 50 ms for 1 (transfer 0x803a94000)
    * Expire in 64 ms for 1 (transfer 0x803a94000)
    * Expire in 50 ms for 1 (transfer 0x803a94000)
    * Expire in 50 ms for 1 (transfer 0x803a94000)
    * Expire in 64 ms for 1 (transfer 0x803a94000)
    * Expire in 50 ms for 1 (transfer 0x803a94000)
    * Expire in 50 ms for 1 (transfer 0x803a94000)
    * Expire in 64 ms for 1 (transfer 0x803a94000)
    * Expire in 50 ms for 1 (transfer 0x803a94000)
    * Expire in 50 ms for 1 (transfer 0x803a94000)
    * Expire in 64 ms for 1 (transfer 0x803a94000)
    * Expire in 200 ms for 1 (transfer 0x803a94000)
    * Expire in 200 ms for 1 (transfer 0x803a94000)
    * Expire in 64 ms for 1 (transfer 0x803a94000)
    * Expire in 200 ms for 1 (transfer 0x803a94000)
    * Expire in 200 ms for 1 (transfer 0x803a94000)
    * Expire in 200 ms for 1 (transfer 0x803a94000)
    *   Trying 2600:1402:19:39b::3a8e...
    * TCP_NODELAY set
    * Expire in 149760 ms for 3 (transfer 0x803a94000)
    * Expire in 200 ms for 4 (transfer 0x803a94000)
    * Connected to acme-v02.api.letsencrypt.org (2600:1402:19:39b::3a8e) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    *   CAfile: /usr/local/share/certs/ca-root-nss.crt
      CApath: none
    * TLSv1.2 (OUT), TLS header, Certificate Status (22):
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
    * TLSv1.2 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
    * ALPN, server accepted to use http/1.1
    * Server certificate:
    *  subject: CN=acme-v02.api.letsencrypt.org
    *  start date: Jul 19 04:46:54 2019 GMT
    *  expire date: Oct 17 04:46:54 2019 GMT
    *  subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
    *  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
    *  SSL certificate verify ok.
    > GET /acme/new-acct HTTP/1.1
    > Host: acme-v02.api.letsencrypt.org
    > User-Agent: curl/7.64.0
    > Accept: */*
    >
    < HTTP/1.1 405 Method Not Allowed
    < Server: nginx
    < Content-Type: application/problem+json
    < Content-Length: 103
    < Allow: POST
    < Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    < Expires: Mon, 09 Sep 2019 08:35:12 GMT
    < Cache-Control: max-age=0, no-cache, no-store
    < Pragma: no-cache
    < Date: Mon, 09 Sep 2019 08:35:12 GMT
    < Connection: keep-alive
    <
    {
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Method not allowed",
      "status": 405
    * Connection #0 to host acme-v02.api.letsencrypt.org left intact
    

  • LAYER 8

    @Napsterbater said in LE/Acme Register Account Key Issue.:

    https://curl.haxx.se/libcurl/c/libcurl-errors.html

    CURLE_GOT_NOTHING (52)

    Nothing was returned from the server, and under the circumstances, getting nothing is considered an error.

    i think you should check here

    _CURL='curl -L --silent --dump-header /tmp/acme/_registerkey//http.header -g '

    i don't use acme. // is it a typo ? even so it shoudn't be a problem ...


  • Rebel Alliance Developer Netgate

    Does the failing box happen to have IPv6 connectivity when the working one doesn't? I have seen a similar failure in the past, but not consistently, when trying to contact LE over IPv6. Setting the firewall to prefer IPv4 seemed to get it past that point.



  • @jimp said in LE/Acme Register Account Key Issue.:

    Does the failing box happen to have IPv6 connectivity when the working one doesn't? I have seen a similar failure in the past, but not consistently, when trying to contact LE over IPv6. Setting the firewall to prefer IPv4 seemed to get it past that point.

    No, both use/prefer IPv6. Though as a test I might try that.

    Though I don't believe that should matter since the output from curl -v seems to show working IPV6 connectivity.

    Edit: and thinking about it you might have gaven me something to go on. I'm going to try and double check IPv6 PMTUD for that box/network as well when I get home.



  • @kiokoman said in LE/Acme Register Account Key Issue.:

    @Napsterbater said in LE/Acme Register Account Key Issue.:

    https://curl.haxx.se/libcurl/c/libcurl-errors.html

    CURLE_GOT_NOTHING (52)

    Nothing was returned from the server, and under the circumstances, getting nothing is considered an error.

    i think you should check here

    _CURL='curl -L --silent --dump-header /tmp/acme/_registerkey//http.header -g '

    i don't use acme. // is it a typo ? even so it shoudn't be a problem ...

    I saw that site and the explanation for that error code but that exact line shows in the working one as well and it doesn't seem to have any problems with it. Though I might actually check that file when I get home. I did not do that.



  • So I do think it is going to be a IPv6 PMTUD issue based on running this from SSH

    curl "http://mtu1280.vm1.test-ipv6.com/ip/?callback=?&size=1600&fill=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&testdomain=test-ipv6.com&testname=test_v6mtu"
    

    On the broken box does not work you just get

    curl: (52) Empty reply from server
    

    yet works fins on the working box, and of course that is the error seen in the above log.

    Got that link/test from http://test-ipv6.com/

    Strange thing is systems behind it have no PMTUD issue.

    But I am confident its not an ACME/LE issue at this point. Ill dive deeper at the end of the week.

    Thanks for sparking the idea to check that.



  • @Napsterbater So I confirmed via packet caps it was a broken PMTUD issue on the Broken box, seems related to NPt, but that is another story.

    Thanks for the help.


Log in to reply