Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: emitechno.com
I ran this command:
It produced this output:
My web server is (include version): nginx:1.17
The operating system my web server runs on is (include version): I use Docker (Ubuntu 20.04)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
How is your server connected to the Internet?
Is it possible that your Docker configuration, or a firewall setup, is preventing or limiting outbound network connections?
The Let's Encrypt client application needs to be able to make an outgoing connection to the Let's Encrypt API in order to request certificates.
I can ping google.com.
I'm not preventing or limiting outbound network connections.
Can you try with curl -v and see which IP address is being used?
What does the routing table look like?
This part seems flawed:
Why are those real Internet networks in your routing table?
I use Docker, and this is the Docker network.
I don't know, I use the default Docker network.
Well, it seems like it is part of the (routing) problem.
I'd go ask on a docker forum about this routing issue.
To obtain a cert and ignore the incorrect routing, you could:
- switch to
- do the HTTP-01 authentication on another instance or on the host
Thanks for the advice and information.
Cloudflare, the CDN used by LE, currently seems to be using a 172.x.x.x IP address. Sometimes people route the 172.16.0.0/12 private IP space as 18.104.22.168/8, which would include the Cloudflare address too. Which is bad. So that might also be something to look into, private IP space routing.
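
The routing check discussed in the replies above, as an added example that is not part of the original thread: it parses `ip route` style output, flags routes that reach outside RFC 1918 space, and shows which route a public 172.x destination would take. The route table, the `br-example` interface and the destination address are constructed assumptions, since the poster's actual routing table is not on the page.

```python
import ipaddress

# RFC 1918 ranges: the only space that belongs on Docker bridge routes.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed `ip route` output; the br-example line is the assumed bad route.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.0.0.0/8 dev br-example proto kernel scope link src 172.18.0.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
"""

def parse_routes(text):
    """Return (network, device) pairs from `ip route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # lines starting with a keyword such as "unreachable"
        if net.version == 4:
            routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def overbroad_routes(routes):
    """Non-default routes that cover addresses outside RFC 1918 space.
    A host with a public on-link subnet will also show up here; review each hit."""
    return [(net, dev) for net, dev in routes
            if net.prefixlen > 0
            and not any(net.subnet_of(p) for p in PRIVATE_NETS)]

def selected_route(routes, dest):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for net, dev in overbroad_routes(table):
        print(f"review: {net} via {dev} covers public address space")
    # 172.65.0.10 is a constructed destination in public 172.x space.
    print("172.65.0.10 leaves via", selected_route(table, "172.65.0.10")[1])
```

On a real host, feed the output of `ip route` to `parse_routes` in place of `SAMPLE_ROUTES`.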