Cannot create certificate

syzuhdi · October 6, 2017, 8:07am

Hi,
I have a problem to create a certificate and getting some errors as below.

[root@sanglang ~]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): syzuhdi@gmail.com
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
ConnectionError: (‘Connection aborted.’, gaierror(-2, ‘Name or service not known’))

I’m using Centos7.

Please advise.
Thank you

ahaw021 · October 6, 2017, 8:19am

Please fill out the fields below so we can help you better.

Note: you must provide your domain name to get help.

Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

syzuhdi · October 6, 2017, 8:25am

My domain is: sanglang.modenas.com.my

I ran this command: certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): syzuhdi@gmail.com
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
ConnectionError: (‘Connection aborted.’, gaierror(-2, ‘Name or service not known’))

My web server is (include version): Apache

The operating system my web server runs on is (include version): Centos7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

ahaw021 · October 6, 2017, 8:33am

ok the issue looks like the fact that you do not have any HTTPS configurations so apache is not listening on port 443

as a work arround you can use the --webroot method to obtain certificate

certbot -a webroot -i apache sanglang.modenas.com.my

Andrei

syzuhdi · October 6, 2017, 8:49am

Thank you for your prompt response.
But the error still occur

mnordhoff · October 6, 2017, 8:49am

It seems like Certbot is unable to find https://acme-v01.api.letsencrypt.org/. That's... weird.

Is /etc/resolv.conf correct? Does DNS resolution generally work on the system? "dig www.google.com" ?

"curl -v https://acme-v01.api.letsencrypt.org/directory" ?

How about

python -c "import socket; print(socket.getaddrinfo('acme-v01.api.letsencrypt.org', 443))"

syzuhdi · October 6, 2017, 9:18am

Hi,
Any idea ?

dig www.google.com
root@sanglang ~]# dig www.google.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25098
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 215 IN A 172.217.24.164

;; Query time: 3960 msec
;; SERVER: 172.18.24.13#53(172.18.24.13)
;; WHEN: Fri Oct 06 05:07:36 EDT 2017
;; MSG SIZE rcvd: 59

curl -v https://acme-v01.api.letsencrypt.org/directory
[root@sanglang ~]# curl -v https://acme-v01.api.letsencrypt.org/directory

Could not resolve host: acme-v01.api.letsencrypt.org; Name or service not known
Closing connection 0
curl: (6) Could not resolve host: acme-v01.api.letsencrypt.org; Name or service not known

python -c “import socket; print(socket.getaddrinfo(‘acme-v01.api.letsencrypt.org’, 443))”
[root@sanglang ~]# python -c "import socket; print(socket.getaddrinfo(‘acme-v01.api.letsencrypt.org’, 443))"
Traceback (most recent call last):
File “”, line 1, in
socket.gaierror: [Errno -2] Name or service not known

mnordhoff · October 6, 2017, 9:31am

While the Google query was successful, it's odd that it was so slow. Almost 4 seconds! Are you on the Moon?

I didn't think to ask before, but do "dig acme-v01.api.letsencrypt.org" and "dig acme-v01.api.letsencrypt.org aaaa" return the same error message?

All i can guess is that you need to raise this with your sys admin/DNS admin/network admin. Something is wrong with the DNS.

system · November 5, 2017, 9:31am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot error instead of ssl Help	8	843	December 22, 2020
Problems while creating a certificate Help	2	4438	May 20, 2017
Ubuntu + apache2 + letsencrypt: error creating certificate Help	15	496	April 4, 2024
Looking for help resolving an Authorization Error when creating a new cert Help	8	1567	October 28, 2018
Error when creating new cert Help	6	1184	May 31, 2019

Cannot create certificate

Related topics