An unexpected error occurred: requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: emitechno.com

I ran this command:

It produced this output:

My web server is (include version): nginx:1.17

The operating system my web server runs on is (include version): I use Docker (Ubuntu 20.04)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

image

Any suggestions?

Hi @devops-SOLU,

How is your server connected to the Internet?

Is it possible that your Docker configuration, or a firewall setup, is preventing or limiting outbound network connections?

The Let's Encrypt client application needs to be able to make an outgoing connection to the Let's Encrypt API in order to request certificates.

2 Likes

I can ping google.com.
image

I'm not preventing or limiting outbound network connections.

Can you try with curl -v and see which IP address is being used?

2 Likes

What does the routing table look like?
netstat -nr

3 Likes

This part seems flawed:
image
Why are those real Internet networks in your routing table?

2 Likes

I use Docker, and this is the Docker network.

Again, why is it using REAL INTERNET networks?
ARIN Whois/RDAP - American Registry for Internet Numbers
...
ARIN Whois/RDAP - American Registry for Internet Numbers [one used by LE]

2 Likes

I don't know, I use the default Docker network.

Well, it seems like it is part of the (routing) problem.

2 Likes

What can I do?

I'd go ask on a docker forum about this routing issue.

Otherwise....

To obtain a cert and ignore the incorrect routing, you could:

  • switch to DNS-01 authentication
  • do the HTTP-01 authentication on another instance or on the host

3 Likes

Thanks for the advice and information.

1 Like

Cloudflare, the CDN used by LE, currently seems to be using a 172.x.x.x IP address. Sometimes people route the 172.16.0.0/12 private IP space as 172.0.0.0/8, which would include the Cloudflare address too. Which is bad. So that might also be something to look into, private IP space routing.

3 Likes
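The check raised in the replies above (real Internet networks in the routing table, and 172.16.0.0/12 routed as 172.0.0.0/8), as an added example that is not part of the original thread. It parses `netstat -nr` output, flags connected routes that reach outside private address space, and shows which route an outbound connection would take. The routing table, the interface name `br-demo` and the address `172.65.0.10` are constructed samples.

```python
import ipaddress

# RFC 1918 private ranges plus link-local; local routes should sit inside these.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed sample of `netstat -nr` output (Linux layout), not from the thread.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
172.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 br-demo
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
"""

def parse_routes(text):
    """Return (network, gateway, iface) tuples from `netstat -nr` text."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8:
            continue  # banner or blank line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        except ValueError:
            continue  # column header line
        routes.append((net, f[1], f[-1]))
    return routes

def public_routes(routes):
    """Non-default routes covering address space outside the private ranges."""
    return [r for r in routes
            if r[0].prefixlen > 0 and not any(r[0].subnet_of(p) for p in PRIVATE)]

def route_for(ip, routes):
    """Longest-prefix match: the route the kernel would pick for `ip`."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    for net, gw, iface in public_routes(routes):
        print(f"suspicious: {net} on {iface} covers public address space")
    # Constructed public 172.x address; substitute the IP that `curl -v` reports.
    print(route_for("172.65.0.10", routes))
```

A route flagged here that also wins the longest-prefix match for the API's address sends that traffic to a local bridge instead of the default gateway, which matches a connect timeout while other destinations still answer.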

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.