Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: emitechno.com
I ran this command:
It produced this output:
My web server is (include version): nginx:1.17
The operating system my web server runs on is (include version): I use Docker (Ubuntu 20.04)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Any suggestions?
schoen
September 11, 2022, 2:10am
2
Hi @devops-SOLU ,
How is your server connected to the Internet?
Is it possible that your Docker configuration, or a firewall setup, is preventing or limiting outbound network connections?
The Let's Encrypt client application needs to be able to make an outgoing connection to the Let's Encrypt API in order to request certificates.
2 Likes
I can ping google.com.
I am not preventing or limiting outbound network connections.
schoen
September 11, 2022, 2:52am
4
Can you try with curl -v and see which IP address is being used?
2 Likes
rg305
September 11, 2022, 3:21am
5
What does the routing table look like?
netstat -nr
3 Likes
rg305
September 11, 2022, 3:34am
7
This part seems flawed:
Why are those real Internet networks in your routing table?
2 Likes
I use Docker, and this Docker network
rg305
September 11, 2022, 3:38am
10
2 Likes
I don't know, I use the default Docker network.
rg305
September 11, 2022, 3:57am
12
Well, it seems like it is part of the (routing) problem.
2 Likes
rg305
September 11, 2022, 4:20am
14
I'd go ask on a docker forum about this routing issue.
Otherwise....
To obtain a cert and ignore the incorrect routing, you could:
switch to DNS-01 authentication
do the HTTP-01 authentication on another instance or on the host
3 Likes
thanks for the advice and information
1 Like
Osiris
September 11, 2022, 9:13am
16
Cloudflare, the CDN used by LE, currently seems to be using a 172.x.x.x IP address. Sometimes people route the 172.16.0.0/12 private IP space as 172.0.0.0/8, which would include the Cloudflare address too. Which is bad. So that might also be something to look into, private IP space routing.
3 Likes
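The misrouting described in the reply above (172.16.0.0/12 widened to 172.0.0.0/8) can be checked mechanically from `netstat -nr` output. This is an added example, not part of the original thread; the routing table, interface names and the test address in it are constructed samples.

```python
import ipaddress

# RFC 1918 private blocks; a route wider than these also captures public space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `netstat -nr` output (not taken from the thread).
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 eth0
172.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 br-example
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
"""

def parse_routes(text):
    """Return (network, gateway, iface) tuples from `netstat -nr` IPv4 output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        except (ValueError, IndexError):
            continue  # title, header or blank line
        routes.append((net, f[1], f[-1]))
    return routes

def overbroad_private_routes(routes):
    """Routes that overlap an RFC 1918 block but extend into public space."""
    flagged = []
    for net, _gw, iface in routes:
        if net.prefixlen == 0:
            continue  # the default route is expected to cover everything
        for priv in RFC1918:
            if net.overlaps(priv) and not net.subnet_of(priv):
                flagged.append((net, iface, priv))
    return flagged

def egress(address, routes):
    """Longest-prefix match: the (network, gateway, iface) a packet would use."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    for net, iface, priv in overbroad_private_routes(routes):
        print(f"{net} on {iface} is wider than {priv}: public addresses stay local")
    print(egress("172.65.0.10", routes))  # constructed address outside 172.16.0.0/12
```

A flagged route means traffic to any public address inside it is delivered to the local bridge instead of the default gateway, so outbound connections to such addresses fail even though other Internet hosts remain reachable.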
system
Closed
October 11, 2022, 9:14am
17
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.