Install Installation stuck at Download libressl-2.4.3.tar.gz ...

should be 5 seconds for curl header check, but seems you pass the header check but can't download

---

 

new option added to 123.09beta01 Beta Branch - add LOCALCENTMINMOD_MIRROR variable in 123.09beta01 | Centmin Mod Community

so just before run centmin.sh, instead of editing centmin.sh directly, set persistent config file at /etc/centminmod/custom_config.inc (create file if doesn't exist), and set in it the variable to override centmin.sh file set version

Code (Text):

LOCALCENTMINMOD_MIRROR='https://centmin.sh'

 

interesting error SSL error: tlsv1 alert internal error
as the download does exist

curl header check from my Tokyo mirror

Code (Text):

curl -I https://centmin.sh/centminmodparts/ccache/ccache-3.3.2.tar.gz
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2016 20:04:12 GMT
Content-Type: application/octet-stream
Content-Length: 445945
Connection: keep-alive
Set-Cookie: __cfduid=d4b3ad67aa7c5690094891f4635647d5e1475611452; expires=Wed, 04-Oct-17 20:04:12 GMT; path=/; domain=.centmin.sh; HttpOnly
Last-Modified: Mon, 03 Oct 2016 03:24:29 GMT
ETag: "57f1cf6d-6cdf9"
X-Powered-By: centminmod
Expires: Thu, 03 Nov 2016 20:04:12 GMT
Cache-Control: public, max-age=2592000
Link: <http://centminmod.com/centminmodparts/ccache/ccache-3.3.2.tar.gz>; rel="canonical"
CF-Cache-Status: MISS
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2ecb3dda1e3f5128-SJC

what version of CentOS you installing on ? CentOS 6.8 or 7.2 ?

what do you get for output for this command

Code (Text):

curl -Isv https://centmin.sh/centminmodparts/ccache/ccache-3.3.2.tar.gz

 

again checking headers looks fine !

if you do a yum update any updates ?

Code (Text):

yum -y update

 

weird tried on 10 different servers and they all work.. you can verify via manual download to /svr-setup

Code (Text):

cd /svr-setup
rm -rf /svr-setup/ccache-3.3.2.tar.gz
wget http://centmin.sh/centminmodparts/ccache/ccache-3.3.2.tar.gz

 

indeed could be an issue with one of cloudflare's edge servers themselves ? just this time you got allocated a different cloudflare edge server to serve the download

 

Actually i think i know somewhat what's going on, as the official ccache download link would only failover to my local centmin.sh cloudflare mirror if the official mirror was down . I checked the ccache official download link has a force http to https redirect now to https://www.samba.org/ftp/ccache/ it use to be non-https. So it could be and issue with the CentOS 7 systems ssl handshake with https sites causing it to fail on official mirror download and on centminmod.com and centmin.sh https based downloads.

I'll update official ccache download url to the new https version as well

 

nope looks like it's a cloudflare issue on centmin.sh did a fresh centos 7 install with variable set

Code (Text):

LOCALCENTMINMOD_MIRROR='https://centmin.sh'

and got

Code (Text):

Download ccache-3.3.2.tar.gz ...
Initializing download: https://centmin.sh/centminmodparts/ccache/ccache-3.3.2.tar.gz
SSL error: tlsv1 alert internal error

Error: ccache-3.3.2.tar.gz download failed.
check Centmin Mod log for details at /root/centminlogs/
Aborting script...

will have to investigate, though for you ccache official mirror should be working now so shouldn't need to set LOCALCENTMINMOD_MIRROR='CentminMod.com LEMP Fully Optimized Nginx web stack for CentOS at all

 

seems problem is axel download accelerator doesn't like cloudflare https !

Code (Text):

axel https://centmin.sh/centminmodparts/ccache/ccache-3.3.2.tar.gz
Initializing download: https://centmin.sh/centminmodparts/ccache/ccache-3.3.2.tar.gz
SSL error: tlsv1 alert internal error

submitted a bug report to axel folks cloudflare SSL error: tlsv1 alert internal error · Issue #35 · eribertomota/axel · GitHub

looks like it's to do with axel compiled against system openssl 1.0.1e in centos which doesn't support ECDSA ssl ciphers used in cloudflare's free ssl certificates as they used ECC 256bit SSL certs with ECDSA. Need to upgrade to paid plan on cloudflare to get wider standard RSA 2048bit SSL cert support [details] for HTTPS served sites on cloudflare or compile axel against openssl 1.0.2+. This is what Nginx does compile against openssl 1.0.2+. But axel install routine is very first thing installed so openssl 1.0.2+ custom install is not available at the axel install stage.

this could be problematic if more sites online start using cloudflare free ssl plans with ECDSA ciphers as then there's more chance a 3rd party download link will be behind cloudflare free ssl HTTPS and run into this bug. So looks like i need to sort this out by either adding axel compile time support for openssl 1.0.2+ or using axel alternative for downloads that are multi-threaded instead of single threaded wget downloads. Problem with adding openssl 1.0.2+ to axel is the source compile time of openssl 1.0.2+ is much longer than the benefits obtained from using axel (multi-threaded downloads) in the first place over wget (single threaded).

or i can just check for download link's header to see if cloudflare serves it as curl supports ECDSA in CentOS 6.8 and 7 so if cloudflare is detected use wget and if not use axel.

edit: workaround added for ECDSA at https://community.centminmod.com/th...eck-for-ecdsa-ssl-based-https-download….9018/