Can’t renew licenses due to ConnectionError (Resolved, thanks)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domains are:

I ran this command:
sudo certbot --apache -d -d -d -d -d -d -d -d -d -d -d -d

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f3f3d2716f0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

My web server is (include version):

Server version: Apache/2.4.52 (Ubuntu)
Server built:   2022-06-14T12:30:21

The operating system my web server runs on is (include version):

|Distributor ID:|Ubuntu|
|Description:|Ubuntu 22.04.1 LTS|

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.21.0

Please fix your DNS connectivity and try again.

Also, usually one would just run sudo certbot renew to renew a certificate (not called a "license") instead of using the full command used initially.


Hi Osiris.
Thanks for the quick reply, sorry for mislabeling the process – I’m a n00b.

Here it looks as there are no issues: DNS Checker - DNS Check Propagation Tool
How and where could you produce the DNS error?

Edit: Sorry, now it produces errors on my side, too. Checking.
Edit2: Misread the Interface, seems to resolve fine to IP

Any hint where I can find/resolve the error?

The error is for DNS on your server checking names outbound. Not checking the public DNS for your domain name.

These should work on your server (but do not seem to be):


Ah, I see.
Yes, indeed, lookup fails for
as well as (or any other common domain)

Thank you Mike McQ
I’m googling for a solution, but if you know what to look for of the top of your head, I’m glad if you point me to a certain direction.

1 Like

There are expert DNS volunteers here. Sadly, I know just enough to point out the error.

These answers might help them:
Are you in a container? (like docker)
Any key system changes since your July30 cert?


Yes, there was a key system change: new Ubuntu version.
Install crashed due to not enough memory. Could’ve corrupted something.

I’m asking in the DigitalOcean community first.
Obviously something’s broken in that part of the stack, don’t want to bother you guys here too much.

But really thank you for pointing out what’s wrong – in words I could understand.


What are the DNS servers being used?
cat /etc/resolv.conf

1 Like

cat /etc/resolv.conf shows:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

search DOMAINS

I did check the firewall as well.
ufw status verbose shows:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere                  
80,443/tcp (Apache Full)   ALLOW IN    Anywhere                  
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)             
80,443/tcp (Apache Full (v6)) ALLOW IN    Anywhere (v6)

Running systemd-resolve --status doesn’t work, by the way.

Command 'systemd-resolve' not found, but can be installed with:
sudo apt install systemd

Installing it then yields:

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
systemd is already the newest version (249.11-0ubuntu3.4).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


What about resolvectl status


resolvectl status yields:

       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
      DNS Domain: DOMAINS

Link 2 (eth0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
    DNS Domain: DOMAINS

And found that systemd-analyze cat-config systemd/resolved.conf works. It shows:

**# /etc/systemd/resolved.conf**

# This file is part of systemd.


# systemd is free software; you can redistribute it and/or modify it under the

# terms of the GNU Lesser General Public License as published by the Free

# Software Foundation; either version 2.1 of the License, or (at your option)

# any later version.


# Entries in this file show the compile time defaults. Local configuration

# should be created by either modifying this file, or by creating "drop-ins" in

# the resolved.conf.d/ subdirectory. The latter is generally recommended.

# Defaults can be restored by simply deleting this file and all drop-ins.


# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.


# See resolved.conf(5) for details.


# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:

# Cloudflare:

# Google:

# Quad9:














So, uncommenting and entering Cloudfare DNS into /etc/systemd/resolved.conf did it.
Thanks for all your effort and replies!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.