Let’s Encrypt certificate issuance fails in Plesk for Kazakhstan-based hosts: Could not obtain directory: cURL error 52: Empty reply from server

Symptoms

Attempts to request or renew an SSL/TLS certificate via Domains > example.com > SSL/TLS Certificate result in the following errors such as:

PLESK_ERROR: Could not issue an SSL/TLS certificate for example.com
Details: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
Details: Could not obtain directory: cURL error 52: Empty reply from server (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://acme-v02.api.letsencrypt.org/directory

Direct curl request from a Kazakhstan-based server shows:

# curl -v https://acme-v02.api.letsencrypt.org/directory
> GET /directory HTTP/2
> Host: acme-v02.api.letsencrypt.org
> User-Agent: curl/7.61.1
> Accept: */*
>
* Empty reply from server
curl: (52) Empty reply from server

However, the same command executed from a non-Kazakhstan IP returns a valid response:

# curl -v https://acme-v02.api.letsencrypt.org/directory
< HTTP/2 200
< content-type: application/json
< cache-control: public, max-age=0, no-cache
...

Cause

The root cause is connectivity limitations between Kazakhstan IP addresses and the Let's Encrypt ACME API. Affected servers experience:

• Regional filtering or geo-blocking from Let's Encrypt
• Rate limiting by ASN or IP range

Similar issues have been reported in the Let’s Encrypt community forums

Resolution

Submit feedback with your IP and command output to the Let’s Encrypt Community for further analysis.

Alternatively, use one of the following workarounds:

• Use a VPN or a remote server located outside of Kazakhstan to issue the certificate
• Use another SSL provider if urgent issuance is required