My web server is (include version): Apache2 version 2.4
The operating system my web server runs on is (include version):Opensuse Leap15.1
I can login to a root shell on my machine (yes or no, or I don't know):Yes
I'm using a control panel to manage my site :Yes
Client is :Certbot version=1.4.0
Can I use certbot to issue a certificate for a website that is not hosted on the same machine as the certbot? (site is hosted on a cpanel and zerossl, e.t.c not an option)
Thank you.
Only if you can use DNS authentication.
HTTP authentication would fail; as the challenge request would try the IP of the FQDN directly.
Thanks a lot. Will give it a try.
Regards.
I used this code:
sudo certbot run --cert-name keta.com.ng -a manual --preferred-challenges dns -d keta.com.ng,www.keta.com.ng -i apache
And got the error below:
2020-10-13 17:47:52,017:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 159, in _new_conn
(self._dns_host, self.port), self.timeout, **extra_kw)
File "/usr/lib/python3.6/site-packages/urllib3/util/connection.py", line 57, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File "/usr/lib64/python3.6/socket.py", line 745, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Temporary failure in name resolution
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
conn.connect()
File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 301, in connect
conn = self._new_conn()
File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 168, in _new_conn
self, "Failed to establish a new connection: %s" % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7f775635a668>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 398, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f775635a668>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==1.4.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3.6/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 1347, in main
return config.func(config, plugins)
File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 1093, in run
le_client = _init_le_client(config, authenticator, installer)
File "/usr/lib/python3.6/site-packages/certbot/_internal/main.py", line 610, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 256, in init
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File "/usr/lib/python3.6/site-packages/certbot/_internal/client.py", line 43, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "/usr/lib/python3.6/site-packages/acme/client.py", line 809, in init
directory = messages.Directory.from_json(net.get(server).json())
File "/usr/lib/python3.6/site-packages/acme/client.py", line 1144, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python3.6/site-packages/acme/client.py", line 1094, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f775635a668>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',))
2020-10-13 17:47:52,025:ERROR:certbot._internal.log:An unexpected error occurred:
What exactly is Certbot moaning about please?
Thanks!
not too old
Try:
nslookup acme-v02.api.letsencrypt.org
ifconfig | grep -Ei 'add|inet'
curl -I4 https://acme-v02.api.letsencrypt.org/
curl -I6 https://acme-v02.api.letsencrypt.org/
@rg305's advice is correct. Most often this type of error "Temporary failure in name resolution" is due to a local networking problem on the subscriber's network, for instance a broken recursive resolver. That tends to show up on the /directory request because it's the first request the client makes, and necessitates a DNS lookup and TCP connection.
It's possible that our DNS provider has been serving increased errors, but for now I think the more likely answer is a series of subscriber-local network problems that have occurred closer together. Please do keep us in the loop if you continue to see higher than average examples of this type of problem!
Thanks for the prompt response, Jacob. 
Since this is out of a certificate-seeker's control, I wanted to ensure that it wasn't becoming a trend. I have not as yet seen this with my own ACME client.
Running nslookup showed networking configuration was somehow messed up from configuring another application. That's now been corrected and was able to connect to letsencrypt api. Got the certs! Someone Apache still managed to server the right certificate with the wrong expiration date (date for another certificate in the same directory) But I wouldn't worry a bit about that because I suspect that when I renew, certbot will renew all certificates in the directory at the same time and that will consequently make them all have the same expiration. Hope now that renewal will not be just as challenging! 
@rg305 many thanks!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.