Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domains are:
I ran this command:
sudo certbot --apache -d loskill.net -d www.loskill.net -d matterloskill.ch -d www.matterloskill.ch -d baristamuenchen.de -d www.baristamuenchen.de -d baristamuenchen.com -d www.baristamuenchen.com -d loskill.studio -d www.loskill.studio -d loskill.ch -d www.loskill.ch
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f3f3d2716f0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))
My web server is (include version):
Server version: Apache/2.4.52 (Ubuntu)
Server built: 2022-06-14T12:30:21
The operating system my web server runs on is (include version):
Description: Ubuntu 22.04.1 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Please fix your DNS connectivity and try again.
Also, usually one would just run sudo certbot renew to renew a certificate (not called a "license") instead of using the full command used initially.
Thanks for the quick reply, sorry for mislabeling the process – I’m a n00b.
Here it looks as if there are no issues: DNS Checker - DNS Check Propagation Tool
How and where could you produce the DNS error?
Edit: Sorry, now it produces errors on my side, too. Checking.
Edit2: Misread the interface, seems to resolve fine to IP 126.96.36.199
Any hint where I can find/resolve the error?
The error is for DNS on your server checking names outbound. Not checking the public DNS for your domain name.
These should work on your server (but do not seem to be):
Ah, I see.
Yes, indeed, lookup fails for
as well as
amazon.com (or any other common domain)
Thank you Mike McQ
I’m googling for a solution, but if you know what to look for off the top of your head, I’d be glad if you pointed me in a certain direction.
There are expert DNS volunteers here. Sadly, I know just enough to point out the error.
These answers might help them:
Are you in a container? (like docker)
Any key system changes since your July 30 cert?
Yes, there was a key system change: new Ubuntu version.
Install crashed due to not enough memory. Could’ve corrupted something.
I’m asking in the DigitalOcean community first.
Obviously something’s broken in that part of the stack, don’t want to bother you guys here too much.
But really thank you for pointing out what’s wrong – in words I could understand.
What are the DNS servers being used?
cat /etc/resolv.conf shows:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
I did check the firewall as well.
ufw status verbose shows:
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp (OpenSSH) ALLOW IN Anywhere
80,443/tcp (Apache Full) ALLOW IN Anywhere
22/tcp (OpenSSH (v6)) ALLOW IN Anywhere (v6)
80,443/tcp (Apache Full (v6)) ALLOW IN Anywhere (v6)
systemd-resolve --status doesn’t work, by the way.
Command 'systemd-resolve' not found, but can be installed with:
sudo apt install systemd
Installing it then yields:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
systemd is already the newest version (249.11-0ubuntu3.4).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
resolvectl status yields:
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
DNS Domain: DOMAINS
Link 2 (eth0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
DNS Domain: DOMAINS
And found that systemd-analyze cat-config systemd/resolved.conf works. It shows:
# This file is part of systemd.
# systemd is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
# See resolved.conf(5) for details.
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 188.8.131.52#cloudflare-dns.com 184.108.40.206#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
# Google: 220.127.116.11#dns.google 18.104.22.168#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
# Quad9: 22.214.171.124#dns.quad9.net 126.96.36.199#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
So, uncommenting and entering Cloudflare DNS into /etc/systemd/resolved.conf did it.
Thanks for all your effort and replies!
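The state diagnosed in this thread shows up in resolvectl status as a link with "Current Scopes: none" and no "DNS Servers:" line anywhere, which is why outbound lookups (including the one certbot makes for acme-v02.api.letsencrypt.org) fail. The shell function below is an added example, not part of the original thread, that flags that state; both sample outputs are constructed, and 192.0.2.53 is a placeholder address.

```shell
# Added example: spot "no upstream DNS" in `resolvectl status` text read from stdin.

# Constructed sample modelled on the output quoted in the thread.
broken_status() {
cat <<'EOF'
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign

Link 2 (eth0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
EOF
}

# Constructed sample of a working resolver; 192.0.2.53 is a placeholder address.
healthy_status() {
cat <<'EOF'
Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
       DNS Servers: 192.0.2.53

Link 2 (eth0)
Current Scopes: DNS
   DNS Servers: 192.0.2.53
EOF
}

# Prints findings; returns 0 if any DNS server is configured, 1 if none is.
check_resolved_status() {
  awk '
    /^Global/         { section = "Global"; next }
    /^Link [0-9]+ \(/ { section = $0; next }
    { line = $0; sub(/^[ \t]+/, "", line) }
    # Matches both "DNS Servers:" and "Fallback DNS Servers:" lines.
    line ~ /DNS Servers:/           { servers++ }
    line ~ /^Current Scopes: none/  { noscope = noscope " [" section "]" }
    line ~ /^resolv\.conf mode:/    { sub(/^resolv\.conf mode: */, "", line); mode = line }
    END {
      if (mode != "")    print "resolv.conf mode: " mode
      if (noscope != "") print "links with no DNS scope:" noscope
      if (servers == 0)  { print "RESULT: no upstream DNS servers configured"; exit 1 }
      print "RESULT: upstream DNS servers present"
    }
  '
}

broken_status | check_resolved_status || true
```

On a live host, pipe the real output in with resolvectl status | check_resolved_status; a non-zero exit means no DNS= or per-link server is in effect.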