Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35 #1439

Closed
leungjianjun opened this issue Mar 23, 2018 · 8 comments

leungjianjun commented Mar 23, 2018

curl https://get.acme.sh | sh

[2018年 03月 23日 星期五 10:20:36 UTC] Installing from online archive.
[2018年 03月 23日 星期五 10:20:36 UTC] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[2018年 03月 23日 星期五 10:20:36 UTC] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[2018年 03月 23日 星期五 10:20:36 UTC] Download error.

Platform: centos 7 x64
Testing shows that adding the --tlsv1 parameter makes it possible to download https://github.com/Neilpang/acme.sh/archive/master.tar.gz

chriscroome commented Mar 23, 2018

I have just hit this issue as well, trying to upgrade:

acme.sh --upgrade
[Fri Mar 23 11:39:03 GMT 2018] Installing from online archive.
[Fri Mar 23 11:39:03 GMT 2018] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Fri Mar 23 11:39:04 GMT 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Fri Mar 23 11:39:04 GMT 2018] Download error.
[Fri Mar 23 11:39:04 GMT 2018] Upgrade failed!

Trying to reinstall:

wget -O -  https://get.acme.sh | sh
...
[Fri Mar 23 11:40:15 GMT 2018] Installing from online archive.
[Fri Mar 23 11:40:15 GMT 2018] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Fri Mar 23 11:40:19 GMT 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Fri Mar 23 11:40:19 GMT 2018] Download error.

The error code: 35 is:

CURLE_SSL_CONNECT_ERROR (35)

A problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others.

So, trying to just use wget and not curl:

export ACME_USE_WGET=1
wget -O -  https://get.acme.sh | sh
 ERROR: certificate common name `www.github.com' doesn't match requested host name `raw.githubusercontent.com'.
 To connect to raw.githubusercontent.com insecurely, use `--no-check-certificate'.
 Unable to establish SSL connection.

Editing the install script from https://get.acme.sh/ to add --no-check-certificate:

#!/usr/bin/env sh

#https://github.com/Neilpang/get.acme.sh

_exists() {
  cmd="$1"
  if [ -z "$cmd" ] ; then
    echo "Usage: _exists cmd"
    return 1
  fi
  if type command >/dev/null 2>&1 ; then
    command -v $cmd >/dev/null 2>&1
  else
    type $cmd >/dev/null 2>&1
  fi
  ret="$?"
  return $ret
}

if _exists curl && [ "${ACME_USE_WGET:-0}" = "0" ]; then
  curl https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1 sh
elif _exists wget ; then
  wget --no-check-certificate -O -  https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1 sh
else
  echo "Sorry, you must have curl or wget installed first."
  echo "Please install either of them and try again."
fi

And running that:

bash ./get.acme.sh
...
[Fri Mar 23 11:52:54 GMT 2018] Installing from online archive.
[Fri Mar 23 11:52:54 GMT 2018] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Fri Mar 23 11:52:54 GMT 2018] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 1
[Fri Mar 23 11:52:54 GMT 2018] Download error.

So trying manually:

wget "https://github.com/Neilpang/acme.sh/archive/master.tar.gz"
--2018-03-23 11:55:21--  https://github.com/Neilpang/acme.sh/archive/master.tar.gz
Resolving github.com... 192.30.253.112, 192.30.253.113
Connecting to github.com|192.30.253.112|:443... connected.
OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Unable to establish SSL connection.

So basically this old server is too old for modern TLS, so I downloaded the latest version locally, SCP'd it to the server and:

tar -zxvf master.tar.gz
cd acme.sh-master
./acme.sh --install

And it has now installed.

Hope this helps!

FernandoMiguel commented Mar 23, 2018

FYI github has deprecated TLS v1 and 1.1 and only allows v1.2
could be why it started failing
https://githubengineering.com/crypto-deprecation-notice/
https://githubengineering.com/crypto-removal-notice/

@chriscroome

Looks like the server I was trying to do this on is simply too old:

acme.sh --issue -d example.org -w /var/www/
[Fri Mar 23 14:22:11 GMT 2018] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 1
[Fri Mar 23 14:22:11 GMT 2018] Can not init api.
[Fri Mar 23 14:22:12 GMT 2018] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 1
[Fri Mar 23 14:22:12 GMT 2018] Can not init api.
[Fri Mar 23 14:22:12 GMT 2018] Registering account
[Fri Mar 23 14:22:16 GMT 2018] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 1
[Fri Mar 23 14:22:17 GMT 2018] Registered
[Fri Mar 23 14:22:17 GMT 2018] Can not find account id url.
[Fri Mar 23 14:22:17 GMT 2018] 
[Fri Mar 23 14:22:17 GMT 2018] Please add '--debug' or '--log' to check more details.
[Fri Mar 23 14:22:17 GMT 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

it-noob commented Jul 1, 2018

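On CentOS 6.5 and similar releases, curl does not use TLS v1.2 by default, which causes the source download to fail. Could the author change the download command to use wget instead of curl? @Neilpang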

Neilpang (Member) commented Jul 1, 2018

@it-noob --use-wget

@coocheenin

@chriscroome Thank you for your review! But tar -zxvf acme.sh-master.tar.gz will be correct.

@chaihongjun

@chriscroome so, can you upgrade automatically?

@coocheenin

@chriscroome so, can you upgrade automatically?

If your OpenSSL is 1.0.1 or later - yes. Just type:
acme.sh --upgrade --use-wget
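
Added example (not part of the thread and not acme.sh code): two shell helpers for triaging the failures quoted above. One checks an `openssl version` string against the 1.0.1 threshold given in the last comment; the other labels curl/wget output by the most specific TLS error it contains. The function names and labels are hypothetical, and the version strings in the demo are constructed samples.

```shell
#!/bin/sh
# Added example: triage helpers for the failures quoted in this thread.

# openssl_has_tls12 "<output of 'openssl version'>"
# Returns 0 for 1.0.1 or later (the threshold given in the last comment),
# 1 for older releases, 2 when the string is not an OpenSSL version line.
openssl_has_tls12() {
  ver=$(printf '%s\n' "$1" |
    sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
  [ -n "$ver" ] || return 2
  major=${ver%%.*}; rest=${ver#*.}
  minor=${rest%%.*}; patch=${rest#*.}
  if [ "$major" -gt 1 ]; then return 0; fi
  if [ "$major" -lt 1 ]; then return 1; fi
  if [ "$minor" -gt 0 ]; then return 0; fi
  if [ "$patch" -ge 1 ]; then return 0; fi
  return 1
}

# classify_tls_failure: reads curl/wget/acme.sh output on stdin and prints
# one label. The most specific message wins, because curl's code 35 only
# says that the handshake failed, not why.
classify_tls_failure() {
  log=$(cat)
  case $log in
    *"alert protocol version"*)            echo protocol_version ;;
    *"doesn't match requested host name"*) echo cert_name_mismatch ;;
    *"error code: 35"*)                    echo handshake_unspecified ;;
    *)                                     echo unknown ;;
  esac
}

# Demo: version strings are constructed samples; the log line is from the thread.
for v in "OpenSSL 1.0.0-fips 29 Mar 2010" "OpenSSL 1.0.1e-fips 11 Feb 2013"; do
  if openssl_has_tls12 "$v"; then echo "$v: TLS 1.2 capable"
  else echo "$v: too old for TLS 1.2"; fi
done
printf '%s\n' "OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version" |
  classify_tls_failure
```

On a live host, call it as `openssl_has_tls12 "$(openssl version)"`. The result only applies to tools linked against OpenSSL; `curl --version` shows which TLS library curl itself was built with.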
