An unexpected error occurred: requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: emitechno.com

I ran this command:

It produced this output:

My web server is (include version): nginx:1.17

The operating system my web server runs on is (include version): i use docker (ubuntu 20.04)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

image

any suggestion?

2

Hi @devops-SOLU,

How is your server connected to the Internet?

Is it possible that your Docker configuration, or a firewall setup, is preventing or limiting outbound network connections?

The Let's Encrypt client application needs to be able to make an outgoing connection to the Let's Encrypt API in order to request certificates.

3

i can ping google.com.
image

i dont preventing or limiting outbound network connections

4

Can you try with curl -v and see which IP address is being used?

5

What does the routing table look like?
netstat -nr

6

image
image666×512 12 KB

7

This part seems flawed:
image
Why are those real Internet networks in your routing table?

8

i use docker, and this docker network

10

Again, why it is using REAL INTERNET networks?
ARIN Whois/RDAP - American Registry for Internet Numbers
ARIN Whois/RDAP - American Registry for Internet Numbers
ARIN Whois/RDAP - American Registry for Internet Numbers
ARIN Whois/RDAP - American Registry for Internet Numbers
...
ARIN Whois/RDAP - American Registry for Internet Numbers [one used by LE]

11

i dont know, i use default by docker network

12

Well, it seems like it is part of the (routing) problem.

13

what can i do?

14

I'd go ask on a docker forum about this routing issue.

Otherwise....

To obtain a cert and ignore the incorrect routing, you could:

  • switch to DNS-01 authentication
  • do the HTTP-01 authentication on another instance or on the host
15

thanks for the advice and information

16

Cloudflare, the CDN used by LE, currently seems to be using a 172.x.x.x IP address. Sometimes people route the 172.16.0.0/12 private IP space as 172.0.0.0/8, which would include the Cloudflare address too. Which is bad. So that might also be something to look into, private IP space routing.