Package: dehydrated
Version: 0.7.0-2
Severity: important

Dear Maintainer,

I get sporadic failures at different points in the dehydrated process, and
I see bug reports over the years reporting similar issues, but I don't see any
current bugs. I found one bug report that talked about changing dehydrated
to use the curl --retry options once curl supports them, so maybe upstream
isn't ready to add them yet, but at least this report might help those with
problems.

Adding the following to /etc/dehydrated/conf.d/retry.sh helped make my system
always be able to renew a certificate successfully.

CURL_OPTS="--retry 3 --retry-all-errors"

The documentation explicitly doesn't recommend using --retry-all-errors in
a script such as this, but rather doing better error handling, so I don't
think it is probably right to set it as the default, but maybe putting this
in the documentation or somewhere will be useful to others.

Without this fix, I get errors like:

ERROR: Problem connecting to server (get for
https://acme-v02.api.letsencrypt.org/directory; curl returned with 35)

and

ERROR: Problem connecting to server (post for
https://acme-v02.api.letsencrypt.org/acme/authz-v3/1370####; curl returned with 35)
EXPECTED value GOT EOF

Interestingly enough, using curl manually to those URLs always works fine,
just not when called through dehydrated, so I'm not sure what the
difference is. I compared /etc/ssl/certs/* to a working system (I have
another system on the same network that always works perfectly fine
running the same version of Debian), so it took a while to track this
down; I assumed it was an SSL connection issue.

-- System Information:
Debian Release: 11.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-13-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dehydrated depends on:
ii  ca-certificates  20210119
ii  curl             7.74.0-1.3+deb11u2
ii  openssl          1.1.1n-0+deb11u3

dehydrated recommends no packages.
dehydrated suggests no packages.

-- no debconf information
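
The report contrasts --retry-all-errors with "better error handling". As an added example (not part of the original report and not dehydrated's own code), this is one way to retry a curl invocation only on exit codes treated as transient. Code 35 is the one from the report; the other codes in the list and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not dehydrated code: selective retry around a command.
# 35 (SSL connect error) comes from the report; the remaining codes are an
# assumption about which curl failures are worth retrying.
TRANSIENT_CODES="6 7 28 35 52 56"

# is_transient EXIT_CODE: succeeds if the code is in TRANSIENT_CODES.
is_transient() {
    for code in $TRANSIENT_CODES; do
        [ "$1" -eq "$code" ] && return 0
    done
    return 1
}

# retry_transient MAX_TRIES DELAY_SECONDS COMMAND [ARGS...]
# Returns 0 on success, otherwise the exit code of the last attempt.
# Non-transient failures (e.g. 22, HTTP error with -f) are never retried,
# so a request the server rejected is not blindly re-sent.
retry_transient() {
    max_tries=$1; delay=$2; shift 2
    attempt=1
    while :; do
        rc=0
        "$@" || rc=$?
        [ "$rc" -eq 0 ] && return 0
        if ! is_transient "$rc"; then
            echo "attempt $attempt: exit $rc is not transient, giving up" >&2
            return "$rc"
        fi
        if [ "$attempt" -ge "$max_tries" ]; then
            echo "attempt $attempt: exit $rc, retries exhausted" >&2
            return "$rc"
        fi
        echo "attempt $attempt: exit $rc, retrying in ${delay}s" >&2
        sleep "$delay"
        attempt=$((attempt + 1))
    done
}

# Usage against the directory URL from the report:
#   retry_transient 3 5 curl -fsS https://acme-v02.api.letsencrypt.org/directory
```

This wraps a single curl call; it does not change how dehydrated itself invokes curl, which is still controlled by CURL_OPTS.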