Another requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443) problem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: scp-makerspace.cn

I ran this command: sudo certbot certonly -a certbot-dns-aliyun:dns-aliyun --certbot-dns-aliyun:dns-aliyun-credentials /mnt/credentials.ini -d "scp-makerspace.cn" -d "*.scp-makerspace.cn"

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugin legacy name certbot-dns-aliyun:dns-aliyun may be removed in a future version. Please use dns-aliyun instead.
Plugins selected: Authenticator certbot-dns-aliyun:dns-aliyun, Installer None
Requesting a certificate for scp-makerspace.cn and *.scp-makerspace.cn
An unexpected error occurred:
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): nginx /1.14.0 (ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04 LTS

My hosting provider, if applicable, is: aliyun

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.12.0

P. S. I tried to change my MTU to 1300 or 1100 as previous posts suggested but it didn't help. Running nsconfig on my servcer for the acme-v2 domain gives the same IP as directly pinging it on my PC. I did not encounter this problem for the first time certifying, but in my dry renewal trial. After re-installing certbot and tried to re-certify, I still have this problem.

2 Likes

When did the is occur? Yesterday, there was a status incident related to readTimeout. A fix has been implemented and the Let’s Encrypt team is monitoring. Have you tried issuing in Staging or Production since the resolution time?

https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6032bcc06a601504d1dbbdf0

4 Likes

I tried again and both the certification challenge process and the dry-run renewal succeeded! Thanks!

3 Likes

Thanks for confirming. The Let’s Encrypt team hasn’t seen any issues since we implemented a fix and this helps confirms that we’ve resolved it!

3 Likes