Error «remote error: tls: internal error» when issuing a Let's Encrypt certificate

Symptoms

A Let's Encrypt SSL certificate fails to be issued, and the certificate log displays an error of the following kind:

Fetching https://www.domain.com:443/.well-known/acme-challenge/kaS346jgsdfkASDmdfkPkDm634DSAkk: remote error: tls: internal error

When executing a curl -IkLvvv request to the domain, the error «tlsv1 alert internal error» is returned:

# curl -IkLvvv domain.com 2>&1 | grep "tlsv1 alert internal error"
* error:0A000438:SSL routines::tlsv1 alert internal error
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error

Causes

The site is protected by a proxy server that rejects requests from Let's Encrypt.
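The curl output under Symptoms already points at the remote side: `0A000438` is an OpenSSL 3.x packed error code whose reason value is 1000 plus the TLS alert number, which means the alert was received from the peer rather than raised locally. The script below is an added example, not part of the original article; its function names and the sample line are constructed for illustration, and it assumes the OpenSSL 3.x error format shown above.

```shell
#!/bin/sh
# Classify a curl/OpenSSL 3.x error line: was the handshake ended by a TLS
# alert received from the peer (proxy, WAF), or by a local check?

# Constructed sample, in the shape of the curl output shown under Symptoms.
SAMPLE='curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error'

# Print "<lib> <reason>" for an 8-digit hex OpenSSL 3.x error code.
# Layout: library number in bits 23-30, reason code in bits 0-22.
decode_openssl_error() {
    code=$(( 0x$1 ))
    echo "$(( (code >> 23) & 0xFF )) $(( code & 0x7FFFFF ))"
}

# Name a TLS alert number (subset relevant to rejected handshakes).
alert_name() {
    case "$1" in
        40)  echo handshake_failure ;;
        70)  echo protocol_version ;;
        80)  echo internal_error ;;
        112) echo unrecognized_name ;;
        *)   echo unknown ;;
    esac
}

# Print a verdict for one line of curl -v output.
classify_line() {
    hex=$(printf '%s\n' "$1" | sed -n 's/.*error:\([0-9A-Fa-f]\{8\}\):.*/\1/p')
    if [ -z "$hex" ]; then
        echo "no-openssl-error"
        return 1
    fi
    set -- $(decode_openssl_error "$hex")
    lib=$1
    reason=$2
    # Library 20 is the SSL library; its reasons 1000-1255 are
    # "1000 + alert number" for alerts received from the peer.
    if [ "$lib" -eq 20 ] && [ "$reason" -ge 1000 ] && [ "$reason" -le 1255 ]; then
        alert=$(( reason - 1000 ))
        echo "peer-alert $alert $(alert_name "$alert")"
    else
        echo "local-or-other lib=$lib reason=$reason"
    fi
}

classify_line "$SAMPLE"
```

A `peer-alert` verdict means the server or proxy in front of the site refused the handshake, so the fix belongs on that side and not on the ACME client.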

Solution

If you use your own or a third-party proxy server, configure it to approve requests for self-signed certificates and use CA-approved certificates provided by the proxy server.

If you use BitNinja on your server, disable WAF Pro and enable WAF 2.0 instead.
