Cannot create certificate

Hi,
I have a problem creating a certificate and am getting some errors as below.

[root@sanglang ~]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): syzuhdi@gmail.com
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
ConnectionError: ('Connection aborted.', gaierror(-2, 'Name or service not known'))

I’m using Centos7.

Please advise.
Thank you

Please fill out the fields below so we can help you better.

Note: you must provide your domain name to get help.

Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sanglang.modenas.com.my

I ran this command: certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): syzuhdi@gmail.com
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
ConnectionError: ('Connection aborted.', gaierror(-2, 'Name or service not known'))

My web server is (include version): Apache

The operating system my web server runs on is (include version): Centos7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

OK, the issue looks like the fact that you do not have any HTTPS configurations, so Apache is not listening on port 443.

As a workaround you can use the --webroot method to obtain a certificate:

certbot -a webroot -i apache -d sanglang.modenas.com.my

Andrei

Thank you for your prompt response.
But the error still occurs.

It seems like Certbot is unable to find https://acme-v01.api.letsencrypt.org/. That's... weird.

Is /etc/resolv.conf correct? Does DNS resolution generally work on the system? "dig www.google.com" ?

"curl -v https://acme-v01.api.letsencrypt.org/directory" ?

How about

python -c "import socket; print(socket.getaddrinfo('acme-v01.api.letsencrypt.org', 443))"

Hi,
Any idea ?

  1. dig www.google.com
    [root@sanglang ~]# dig www.google.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25098
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 215 IN A 172.217.24.164

;; Query time: 3960 msec
;; SERVER: 172.18.24.13#53(172.18.24.13)
;; WHEN: Fri Oct 06 05:07:36 EDT 2017
;; MSG SIZE rcvd: 59

  2. curl -v https://acme-v01.api.letsencrypt.org/directory
    [root@sanglang ~]# curl -v https://acme-v01.api.letsencrypt.org/directory
  3. python -c "import socket; print(socket.getaddrinfo('acme-v01.api.letsencrypt.org', 443))"
    [root@sanglang ~]# python -c "import socket; print(socket.getaddrinfo('acme-v01.api.letsencrypt.org', 443))"
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
    socket.gaierror: [Errno -2] Name or service not known

While the Google query was successful, it's odd that it was so slow. Almost 4 seconds! Are you on the Moon?

I didn't think to ask before, but do "dig acme-v01.api.letsencrypt.org" and "dig acme-v01.api.letsencrypt.org aaaa" return the same error message?

All I can guess is that you need to raise this with your sys admin/DNS admin/network admin. Something is wrong with the DNS.
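An added example, not part of any post in this thread: the checks suggested above (resolv.conf, a control name, the ACME name via getaddrinfo, and the query time) combined into one Python 3 triage script. The function names, the 1-second slowness threshold and the result wording are assumptions made for illustration.

```python
import socket
import time

SLOW_SECONDS = 1.0  # assumed threshold; the dig reply in the thread took 3.96 s


def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def probe(name, port=443, resolver=socket.getaddrinfo, clock=time.monotonic):
    """Resolve one name through the system resolver and time it; never raises."""
    start = clock()
    try:
        infos = resolver(name, port, 0, socket.SOCK_STREAM)
        addrs, error = sorted({i[4][0] for i in infos}), None
    except socket.gaierror as exc:
        addrs, error = [], exc.errno  # -2 is the code shown in the thread
    return {"name": name, "addrs": addrs, "error": error,
            "seconds": clock() - start}


def triage(results):
    """Turn a list of probe() results into the next step to take."""
    failed = [r["name"] for r in results if r["error"] is not None]
    slow = [r["name"] for r in results if r["seconds"] > SLOW_SECONDS]
    if failed and len(failed) == len(results):
        return "no name resolves: check /etc/resolv.conf and resolver reachability"
    if failed:
        return "resolver answers but fails for %s: escalate to the DNS admin" % ", ".join(failed)
    if slow:
        return "resolution works but is slow for %s" % ", ".join(slow)
    return "DNS resolution looks healthy"


if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        print("nameservers:", parse_nameservers(fh.read()))
    checks = [probe(n) for n in ("www.google.com", "acme-v01.api.letsencrypt.org")]
    for c in checks:
        print(c)
    print(triage(checks))
```

Run it as root on the affected host; the `resolver` and `clock` parameters exist only so the logic can be exercised without network access.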
