curl and wget will not work on fresh install

[Anexgohan]

So, i've been trying to set up my Proxmox server as a new Linux user its a slow and mind-numbing task,
I'm stuck on a part that has absolutely halted any progress and I have spent days (at least 4) trying to figure it out and get past it.
I made another thread but making a new one as I think I may not have worded it correctly so please bear with me.

My steps
1). fresh proxmox Install
2). run updates and install and reboot proxmox. this all works flawlessly

apt-get update && apt-get upgrade
apt-get update && apt-get dist-upgrade
apt-get update && apt-get install build-essentials
apt-get update && apt-get install curl wget

3). Create a new LXC container using "debian-ll-standard 11.6-1 amd64-tar-zst"
4). run updates on the container everything works
5). use curl

curl -sSL https://install.pi-hole.net | bash

get error

root@freshtest:~# curl -sSL https://install.pi-hole.net | bash
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to raw.githubusercontent.com:443

this is what I get with -v

curl -sSL -v https://install.pi-hole.net | bash

output

root@freshtest:~# curl -sSL -v https://install.pi-hole.net | bash
*   Trying 164.90.255.4:443...
* Connected to install.pi-hole.net (164.90.255.4) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [5101 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=pi-hole.net
*  start date: Nov  2 00:00:00 2022 GMT
*  expire date: Jan 31 23:59:59 2023 GMT
*  subjectAltName: host "install.pi-hole.net" matched cert's "*.pi-hole.net"
*  issuer: C=AT; O=ZeroSSL; CN=ZeroSSL RSA Domain Secure Site CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x55b03e81e2c0)
} [5 bytes data]
> GET / HTTP/2
> Host: install.pi-hole.net
> user-agent: curl/7.74.0
> accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [130 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
} [5 bytes data]
< HTTP/2 302
< content-type: text/html
< date: Mon, 02 Jan 2023 16:19:58 GMT
< location: https://raw.githubusercontent.com/pi-hole/pi-hole/master/automated%20install/basic-install.sh
< server: nginx/1.20.1
< content-length: 145
<
{ [5 bytes data]
* Ignoring the response-body
{ [145 bytes data]
* Connection #0 to host install.pi-hole.net left intact
* Issue another request to this URL: 'https://raw.githubusercontent.com/pi-hole/pi-hole/master/automated%20install/basic-install.sh'
*   Trying 202.83.21.15:443...
* Connected to raw.githubusercontent.com (202.83.21.15) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to raw.githubusercontent.com:443
* Closing connection 1
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to raw.githubusercontent.com:443
root@freshtest:~#

6). Using wget is no different

wget -O basic-install.sh https://install.pi-hole.net

output

root@freshtest:~# wget -O basic-install.sh https://install.pi-hole.net
--2023-01-02 22:04:00--  https://install.pi-hole.net/
Resolving install.pi-hole.net (install.pi-hole.net)... 164.90.255.4
Connecting to install.pi-hole.net (install.pi-hole.net)|164.90.255.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/pi-hole/pi-hole/master/automated%20install/basic-install.sh [following]
--2023-01-02 22:04:01--  https://raw.githubusercontent.com/pi-hole/pi-hole/master/automated%20install/basic-install.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 202.83.21.15
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|202.83.21.15|:443... connected.
GnuTLS: The TLS connection was non-properly terminated.
Unable to establish SSL connection.
root@freshtest:~#

The error happens to anything that leads to the address "https://raw.githubusercontent.com"
the above URL leads to "https://raw.githubusercontent.com/pi-hole/pi-hole/master/automated install/basic-install.sh" btw

any other file that leads to raw.githubusercontent.com will not return any file or connection I tried several, like the basic darktheme
wget https://raw.githubusercontent.com/Weilbyte/PVEDiscordDark/master/PVEDiscordDark.sh
will also error out

root@freshtest:~# wget https://raw.githubusercontent.com/Weilbyte/PVEDiscordDark/master/PVEDiscordDark.sh
--2023-01-02 22:09:00--  https://raw.githubusercontent.com/Weilbyte/PVEDiscordDark/master/PVEDiscordDark.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 202.83.21.15
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|202.83.21.15|:443... connected.
GnuTLS: The TLS connection was non-properly terminated.
Unable to establish SSL connection.
root@freshtest:~#

I'm at a loss now, I have basically tried out every google search, reddit or proxmox forum search and returned in defeat,
Please help a fellow out
Thankyou for your time.

 

[bbgeek17]

5). use curl

is this from inside the container or on the PVE host itself? If its the former, does it work directly on PVE? You can drop "|bash" to avoid running the script.

Other than that, is there some home brew router/firewall acting as a gateway and an intermediary proxy? Does traceroute show anything interesting?

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

 

[marissachan]

I might have a similar issue as you. But before I make my own thread I am curious about one thing:

How do you run the commands within your lxc? Do you use pct enter CONTAINERID or do you use the webui?

For me I can run curl without issues through the webui (novnc), but not through the pct enter (which uses lxc attach).

 

[Anexgohan]

I might have a similar issue as you. But before I make my own thread I am curious about one thing:

How do you run the commands within your lxc? Do you use pct enter CONTAINERID or do you use the webui?

I can run commands using all of the following: GUI, pct enter <id>, lxc-attach <id>, through ssh
there's certainly some issue here, if you are unable to use pct enter.
try running curl command as sudo

Also,
This is how I resolved my issue:
Turns out my freaking country has banned raw.githubusercontent.com in their infinite wisdom, so ISP's are blocking any query to it.
You can bypass that by manually entering the ip "185.199.111.133" of raw.githubusercontent.com in your /etc/hosts file like this:

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

# ISP unblocked websites
185.199.111.133 raw.githubusercontent.com

 

[sb-jw]

That's why you shouldn't use the provider's DNS