Requests to Lets Encrypt ACME server failed with 525 Origin SSL Handshake Error

Hi.

I am writing a Worker script that automates the process of ordering new certificates from Lets Encrypt via its ACME API and completing the DNS challenges.

At first, the script requests https://acme-staging-v02.api.letsencrypt.org/directory to get a list of sub-service endpoints. The code can be simplified as:

addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

/**
 * Respond to the request
 * @param {Request} request
 */
async function handleRequest(request) {
  const r = await fetch('https://acme-staging-v02.api.letsencrypt.org/directory')
  return new Response(await r.text(), {headers: r.headers})
}

In the preview of the online editor (https://dash.cloudflare.com/{ACCOUNT_ID}/workers/edit/{WORKER-NAME}) or wrangler preview, it works as expected and returns a valid JSON. curl https://acme-staging-v02.api.letsencrypt.org/directory locally also returns valid output. But after being deployed (now at https://red-surf-5c99.bamboo.workers.dev/) directly, it returns with an error 525 Origin SSL Handshake Error (i.e. Fetching the ACME API fails).

I did read the suggestions given by the community tip about the 525 error. But it does not apply well in my case. The ACME API is out of my control and I have no way to diagnose the problem. Could it be some restrictions by Workers or the ACME API of Lets Encrypt itself? Are there any workarounds or specific options I can/need tune?

Hi there,

Can you try redeploying your worker? If this doesn’t help, I’d recommend contacting Cloudflare Support in order to troubleshoot this issue.

Best

Hi, TKlein. Thanks for your advice. I just attempted to re-deploy it multiple times and created new workers. But the problem still persists. I am opening a support ticket. :slight_smile:

1 Like

Hmm, I had this issue yesterday when I need to move a domain to SSL. I really couldn’t find a solution to the 525 issue, then after toggling the “orange icon” a few time, it just started working :man_shrugging: