Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: scp-makerspace.cn
I ran this command: sudo certbot certonly -a certbot-dns-aliyun:dns-aliyun --certbot-dns-aliyun:dns-aliyun-credentials /mnt/credentials.ini -d "scp-makerspace.cn" -d "*.scp-makerspace.cn"
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugin legacy name certbot-dns-aliyun:dns-aliyun may be removed in a future version. Please use dns-aliyun instead.
Plugins selected: Authenticator certbot-dns-aliyun:dns-aliyun, Installer None
Requesting a certificate for scp-makerspace.cn and *.scp-makerspace.cn
An unexpected error occurred:
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.
My web server is (include version): nginx /1.14.0 (ubuntu)
The operating system my web server runs on is (include version): Ubuntu 18.04 LTS
My hosting provider, if applicable, is: aliyun
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.12.0
P. S. I tried to change my MTU to 1300 or 1100 as previous posts suggested but it didn't help. Running nsconfig on my servcer for the acme-v2 domain gives the same IP as directly pinging it on my PC. I did not encounter this problem for the first time certifying, but in my dry renewal trial. After re-installing certbot and tried to re-certify, I still have this problem.