Cannot get new certificate, readtimeout error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cloud.rempm.ru

I ran this command: certbot certonly --webroot -w /var/www/nextcloud -d cloud.rempm.ru

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
An unexpected error occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 377, in _make_request
httplib_response = conn.getresponse(buffering=True)
TypeError: getresponse() got an unexpected keyword argument ‘buffering’

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 379, in _make_request
httplib_response = conn.getresponse()
File “/usr/lib/python3.5/http/client.py”, line 1197, in getresponse
response.begin()
File “/usr/lib/python3.5/http/client.py”, line 297, in begin
version, status, reason = self._read_status()
File “/usr/lib/python3.5/http/client.py”, line 258, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), “iso-8859-1”)
File “/usr/lib/python3.5/socket.py”, line 575, in readinto
return self._sock.recv_into(b)
File “/usr/lib/python3.5/ssl.py”, line 929, in recv_into
return self.read(nbytes, buffer)
File “/usr/lib/python3.5/ssl.py”, line 791, in read
return self._sslobj.read(len, buffer)
File “/usr/lib/python3.5/ssl.py”, line 575, in read
v = self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 376, in send
timeout=timeout
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 610, in urlopen
_stacktrace=sys.exc_info()[2])
File “/usr/lib/python3/dist-packages/urllib3/util/retry.py”, line 247, in increment
raise six.reraise(type(error), error, _stacktrace)
File “/usr/lib/python3/dist-packages/six.py”, line 693, in reraise
raise value
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 560, in urlopen
body=body, headers=headers)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 381, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 309, in _raise_timeout
raise ReadTimeoutError(self, url, “Read timed out. (read timeout=%s)” % timeout_value)
requests.packages.urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Read timed out. (read timeout=45)

During handling of the above exception, another exception occurred:

requests.exceptions.ReadTimeout: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version): ubuntu 16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @rufless

are you sure your Certbot can talk with Letsencrypt?

What says

curl https://acme-v02.api.letsencrypt.org/
1 Like

Hi
varnikovai@klg-srv-cloud:~$ curl https://acme-v02.api.letsencrypt.org/

Boulder: The Let's Encrypt CA

  <div class="col-xs-6 text-left">
    <h1>Boulder<br>
    <small>The Let's Encrypt CA</small></h1>
  </div>
</div>

<div class="row">
  <div class="col-xs-8 col-xs-offset-2 text-center">
    <h3>This is an <a href="https://github.com/letsencrypt/acme-spec/">ACME</a> Certificate Authority running <a href="https://github.com/letsencrypt/boulder">Boulder</a>.</h3>
    <p>This is a <em>programmatic</em> endpoint, an API for a computer to talk to. You should probably be using a specialized client to utilize the service, and not your web browser. See <a href="https://letsencrypt.org/"><tt>https://letsencrypt.org/</tt></a> for help.</p>
    <p>If you're trying to use this service, note that the starting point, <em>the directory</em>, is available at this URL: <a href="https://acme-v02.api.letsencrypt.org/directory"><tt>https://acme-v02.api.letsencrypt.org/directory</a></tt>.</p>
  </div>
</div>
<div class="row">
  <div class="col-xs-4 col-xs-offset-2 text-center">
    <p><a href="https://letsencrypt.status.io" title="Twitter">
      <i class="fa fa-area-chart"></i>
      Service Status (letsencrypt.status.io)
    </a></p>
  </div>
  <div class="col-xs-4 text-center">
    <p><a href="https://twitter.com/letsencrypt" title="Twitter">
      <i class="fa fa-twitter"></i>
      Check with us on Twitter
    </a></p>
  </div>
</div> <!-- row -->

Ok, your server can talk with Letsencrypt. Are you sure this isn’t a temporary problem?

Or is your configuration inconsistent?

I think that this is not a temporary problem. I tried to generate new certificate a several days in a row.
How can I test my configuration?

Good question. I’m not so firm with these errors.

Are you sure

Certbot doesn’t wait for your input?

Share that.

No requests for input from certbot.
Here /var/log/letsencrypt:

2019-05-28 07:52:56,463:DEBUG:certbot.main:certbot version: 0.31.0
2019-05-28 07:52:56,465:DEBUG:certbot.main:Arguments: [’–webroot’, ‘-w’, ‘/var/www/nextcloud’, ‘-d’, ‘cloud.rempm.ru’]
2019-05-28 07:52:56,465:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,P
luginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-05-28 07:52:56,478:DEBUG:certbot.log:Root logging level set at 20
2019-05-28 07:52:56,479:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-05-28 07:52:56,480:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2019-05-28 07:52:56,480:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7faf77d109b0>
Prep: True
2019-05-28 07:52:56,482:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at
0x7faf77d109b0> and installer None
2019-05-28 07:52:56,482:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2019-05-28 07:52:56,511:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(uri=‘https://acme-v02.api.letsencrypt.o
rg/acme/acct/57900409’, terms_of_service=None, body=Registration(key=None, agreement=None, terms_of_service_agreed=None, status=
None, contact=(), external_account_binding=None, only_return_existing=None), new_authzr_uri=None), b5d21b3621958dcb9943034a05d7d
934, Meta(creation_dt=datetime.datetime(2019, 5, 27, 17, 20, 27, tzinfo=), creation_host=‘klg-srv-cloud.kprmz.ru’))>
2019-05-28 07:52:56,513:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-05-28 07:52:56,516:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencryp
t.org
2019-05-28 07:52:56,868:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 658
2019-05-28 07:52:56,869:DEBUG:acme.client:Received response:
HTTP 200
Content-Length: 658
Connection: keep-alive
Content-Type: application/json
Expires: Tue, 28 May 2019 04:52:56 GMT
Date: Tue, 28 May 2019 04:52:56 GMT
Server: nginx
Cache-Control: max-age=0, no-cache, no-store
Strict-Transport-Security: max-age=604800
X-Frame-Options: DENY
Pragma: no-cache

{
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“pvjhBJGioZ4”: “Adding random entries to the directory”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert
}

Second part of log:
2019-05-28 07:52:56,869:INFO:certbot.main:Obtaining a new certificate
2019-05-28 07:52:57,001:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0013_key-certbot.pem
2019-05-28 07:52:57,006:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0013_csr-certbot.pem
2019-05-28 07:52:57,008:DEBUG:acme.client:Requesting fresh nonce
2019-05-28 07:52:57,008:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2019-05-28 07:52:57,234:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-nonce HTTP/1.1” 200 0
2019-05-28 07:52:57,235:DEBUG:acme.client:Received response:
HTTP 200
Content-Length: 0
Replay-Nonce: KbwNNXrdmW8Pv1DPNKkV0p7ymk4A-72kwihwodJQOqM
Connection: keep-alive
Expires: Tue, 28 May 2019 04:52:57 GMT
Date: Tue, 28 May 2019 04:52:57 GMT
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Server: nginx
Cache-Control: max-age=0, no-cache, no-store
Strict-Transport-Security: max-age=604800
X-Frame-Options: DENY
Pragma: no-cache

2019-05-28 07:52:57,235:DEBUG:acme.client:Storing nonce: KbwNNXrdmW8Pv1DPNKkV0p7ymk4A-72kwihwodJQOqM
2019-05-28 07:52:57,236:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “cloud.rempm.ru”\n }\n ]\n}’
2019-05-28 07:52:57,239:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUt
djAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzU3OTAwNDA5IiwgIm5vbmNlIjogIktid05OWHJkbVc4UHYxRFBOS2tWMHA3eW1rNEEtNzJrd2lod29kSlFP
cU0iLCAiYWxnIjogIlJTMjU2In0”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImNsb3VkLnJlbXBtLnJ1IgogICAgfQ
ogIF0KfQ”,
“signature”: “pI17JBK9IlpHHUb9_jAovQImJaUajzFVkLQS5y36HXdNHILsjBA7vN3cirvL0UTu7wn2qyvrd7kDGXK19RrgE76GKwWKheWfQHJKMx44acU3XmBF
zA9qcqHNnHQbdea0J-aESZir-iGFFXlPBHEid3Gy8892ZqAQcHq-E781uxiIYDCnp-u_VTyUbaTy_aTYHr2Zacoi0vWB0ntJNcsRnwTauc8rf2ObYcCjYmaIu1w0mwsz
qz5v1UajVkmLBmHK-eKNpHEh_SjUGzq2Hpx_3rLoHXIWRgXOemoj0mDoTKJatnmckHCIo-rbd9M-QSDlSHPYbv4HZijIxwz10yenuw”
}
2019-05-28 07:52:57,458:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-order HTTP/1.1” 201 361
2019-05-28 07:52:57,459:DEBUG:acme.client:Received response:
HTTP 201
Boulder-Requester: 57900409
Date: Tue, 28 May 2019 04:52:57 GMT
X-Frame-Options: DENY
Cache-Control: max-age=0, no-cache, no-store
Content-Type: application/json
Pragma: no-cache
Location: https://acme-v02.api.letsencrypt.org/acme/order/57900409/474702749
Connection: keep-alive
Expires: Tue, 28 May 2019 04:52:57 GMT
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Server: nginx
Replay-Nonce: RuUAQMaaJ54WqisMFglxcGmIGa-BFalY5Z3L6M_rQ3g
Strict-Transport-Security: max-age=604800
Content-Length: 361

{
“status”: “ready”,
“expires”: “2019-06-03T17:20:32Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “cloud.rempm.ru
}
],
“authorizations”: [
https://acme-v02.api.letsencrypt.org/acme/authz/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-ErflB58
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/57900409/474702749
}
2019-05-28 07:52:57,459:DEBUG:acme.client:Storing nonce: RuUAQMaaJ54WqisMFglxcGmIGa-BFalY5Z3L6M_rQ3g
2019-05-28 07:52:57,460:DEBUG:acme.client:JWS payload:
b’’
2019-05-28 07:52:57,462:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/pa5px-MKXRSPWo
GT44zVDcLCSlQhMJoiO5z-ErflB58:
{
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovcGE1cHgtTUtYUlNQV29HVDQ0elZEY0xDU2xR
aE1Kb2lPNXotRXJmbEI1OCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NzkwMDQwOSIsICJub25jZSI6ICJS
dVVBUU1hYUo1NFdxaXNNRmdseGNHbUlHYS1CRmFsWTVaM0w2TV9yUTNnIiwgImFsZyI6ICJSUzI1NiJ9”,
“payload”: “”,
“signature”: “i-HVNDfKu4huCMUwcyr5AnOXq6dLYcgAQNG0on108FcXaIATTGURdEEzCxoskJijb88x7Jg-nhGHGt6653sQbz93avLhfxM6jnraFpMYr9WApnKX
U6oITZ0wrrL6xrjRGkT5jVbClOFNQOn999DshPUG_HRAaJAWvavvjHR1D9nUxCwjFftY7C3fY6UXzTYbycgslAt9IMR_4DTqZvALVKct-9iXOlkl1Dd_CgL_vUz8aMmr
4D1YWOFnOwyD6ixrYETefjsOHZj3o1TDot4uMzOLzMW-osa-iComuY9gEQtyYjlZEo0WHzUKm7ZfMwkF-oToYROAY7eBV-4hy8tm0w”
}
2019-05-28 07:52:57,682:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/authz/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-Erf
lB58 HTTP/1.1” 200 1256
2019-05-28 07:52:57,683:DEBUG:acme.client:Received response:
HTTP 200
Boulder-Requester: 57900409
Date: Tue, 28 May 2019 04:52:57 GMT
X-Frame-Options: DENY
Cache-Control: max-age=0, no-cache, no-store
Content-Type: application/json
Pragma: no-cache
Connection: keep-alive
Expires: Tue, 28 May 2019 04:52:57 GMT
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Server: nginx
Replay-Nonce: 2nUmIcBn-3ulGSz-S9DxZ-q_LaDYqxdFaFgF1hafPRs
Strict-Transport-Security: max-age=604800
Content-Length: 1256

{
“identifier”: {
“type”: “dns”,
“value”: “cloud.rempm.ru
},
“status”: “valid”,
“expires”: “2019-06-26T17:20:38Z”,
“challenges”: [
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-ErflB58/16348497898”,
“token”: “GbgbTDK8pADiBNdq3PXlIItEd2MUEPOBDyShN0e5lU8”
},
{
“type”: “http-01”,
“status”: “valid”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-ErflB58/16348497899”,
“token”: “9cmyr7XaeoZwyA6ZEiEWju6uy3TnLqtdHkv1GTRTinc”,
“validationRecord”: [
{
“url”: “http://cloud.rempm.ru/.well-known/acme-challenge/9cmyr7XaeoZwyA6ZEiEWju6uy3TnLqtdHkv1GTRTinc”,
“hostname”: “cloud.rempm.ru”,
“port”: “80”,
“addressesResolved”: [
“80.245.249.252”
],
“addressUsed”: “80.245.249.252”
}
]
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-ErflB58/16348497900”,
“token”: “RvX9YzmfI8KIxNxeo-_5heQxTydAtr1abjLAb2X_Myc”
}
]
}
2019-05-28 07:52:57,683:DEBUG:acme.client:Storing nonce: 2nUmIcBn-3ulGSz-S9DxZ-q_LaDYqxdFaFgF1hafPRs
2019-05-28 07:52:57,684:DEBUG:certbot.client:CSR: CSR(file=’/etc/letsencrypt/csr/0013_csr-certbot.pem’, data=b’-----BEGIN CERTIF
ICATE REQUEST-----\nMIICcTCCAVkCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP9\ngY9MCgYBQWX51YwrskavIwaFAFJxw8OG1x72xOe1GT
W/Rvd4b5o5bdpseDXJumg1\nbUEUvqRZTNR4QAUpILa6/pq2TEjBDwzs6uj2gFaHzS4I5jXQ8xOnfV0aNWk/shzw\nAiSEg4zXS0ZVBsUA1fjxYaJes00A/7e7iuERr7
XqJr7ZAAMtd0T7UmZDvrLWSOBM\n0EZDX6C9L91afOKe5/bExRcPGBXvGYTMBPK4EyujttctF4wJzhCh3h6t+Ui5IKxq\nJYfGK5A2IRwuvG1a2PCifRjT4vAO0aZPRh
KNytk0W8ychEdCRiJzcUZwD73rTljd\n4mQ4Ram7Yjib0RhWxm8CAwEAAaAsMCoGCSqGSIb3DQEJDjEdMBswGQYDVR0RBBIw\nEIIOY2xvdWQucmVtcG0ucnUwDQYJKo
ZIhvcNAQELBQADggEBAFZuHklfAdfAkIV+\nXje6zyO+1y6iLAtTs9sYn3akCsfTMKkYdyM9C3s5JzbXyHjbrlAjOtFyt+HkXt52\ndvWw7/B7jvCJqgVDkymIRGVVqZ
WE2k4YL+S9G5iCKMFhoxsSmyGkX2ZT2MIm8D3V\nke72otMVpOOaCbLlOEjOEPOyqscgqN4gHzVMvYkm4vRMpiKNWmxaMqieyAO3F3WJ\n2DEN9QFHAzhj6MhRCcQRNt
Bjhc2osBC2h6ko4OYaNojWEi9SDQX4v2tRe8TqeM0q\nbkePw+zhIJkyoxXnfAGygzBKTs+R6znEHN6KlJfeGde9fVXEvqCACoDYPaG9LkIN\nIAdlobI=\n-----END
CERTIFICATE REQUEST-----\n’, form=‘pem’)
2019-05-28 07:52:57,685:DEBUG:acme.client:JWS payload:
b’{\n “csr”: “MIICcTCCAVkCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP9gY9MCgYBQWX51YwrskavIwaFAFJxw8OG1x72xOe1GTW_Rvd4b
5o5bdpseDXJumg1bUEUvqRZTNR4QAUpILa6_pq2TEjBDwzs6uj2gFaHzS4I5jXQ8xOnfV0aNWk_shzwAiSEg4zXS0ZVBsUA1fjxYaJes00A_7e7iuERr7XqJr7ZAAMtd
0T7UmZDvrLWSOBM0EZDX6C9L91afOKe5_bExRcPGBXvGYTMBPK4EyujttctF4wJzhCh3h6t-Ui5IKxqJYfGK5A2IRwuvG1a2PCifRjT4vAO0aZPRhKNytk0W8ychEdCR
iJzcUZwD73rTljd4mQ4Ram7Yjib0RhWxm8CAwEAAaAsMCoGCSqGSIb3DQEJDjEdMBswGQYDVR0RBBIwEIIOY2xvdWQucmVtcG0ucnUwDQYJKoZIhvcNAQELBQADggEBA
FZuHklfAdfAkIV-Xje6zyO-1y6iLAtTs9sYn3akCsfTMKkYdyM9C3s5JzbXyHjbrlAjOtFyt-HkXt52dvWw7_B7jvCJqgVDkymIRGVVqZWE2k4YL-S9G5iCKMFhoxsSm
yGkX2ZT2MIm8D3Vke72otMVpOOaCbLlOEjOEPOyqscgqN4gHzVMvYkm4vRMpiKNWmxaMqieyAO3F3WJ2DEN9QFHAzhj6MhRCcQRNtBjhc2osBC2h6ko4OYaNojWEi9SD
QX4v2tRe8TqeM0qbkePw-zhIJkyoxXnfAGygzBKTs-R6znEHN6KlJfeGde9fVXEvqCACoDYPaG9LkINIAdlobI”,\n “resource”: “new-cert”\n}’
2019-05-28 07:52:57,688:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/57900409/47
4702749:
{
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvZmluYWxpemUvNTc5MDA0MDkvNDc0NzAyNzQ5IiwgImtp
ZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzU3OTAwNDA5IiwgIm5vbmNlIjogIjJuVW1JY0JuLTN1bEdTei1TOUR4Wi1x
X0xhRFlxeGRGYUZnRjFoYWZQUnMiLCAiYWxnIjogIlJTMjU2In0”,
“payload”: “ewogICJjc3IiOiAiTUlJQ2NUQ0NBVmtDQVFJd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5QOWdZOU1DZ1lCUV
dYNTFZd3Jza2F2SXdhRkFGSnh3OE9HMXg3MnhPZTFHVFdfUnZkNGI1bzViZHBzZURYSnVtZzFiVUVVdnFSWlROUjRRQVVwSUxhNl9wcTJURWpCRHd6czZ1ajJnRmFIel
M0STVqWFE4eE9uZlYwYU5Xa19zaHp3QWlTRWc0elhTMFpWQnNVQTFmanhZYUplczAwQV83ZTdpdUVScjdYcUpyN1pBQU10ZDBUN1VtWkR2ckxXU09CTTBFWkRYNkM5TD
kxYWZPS2U1X2JFeFJjUEdCWHZHWVRNQlBLNEV5dWp0dGN0RjR3SnpoQ2gzaDZ0LVVpNUlLeHFKWWZHSzVBMklSd3V2RzFhMlBDaWZSalQ0dkFPMGFaUFJoS055dGswVz
h5Y2hFZENSaUp6Y1Vad0Q3M3JUbGpkNG1RNFJhbTdZamliMFJoV3htOENBd0VBQWFBc01Db0dDU3FHU0liM0RRRUpEakVkTUJzd0dRWURWUjBSQkJJd0VJSU9ZMnh2ZF
dRdWNtVnRjRzB1Y25Vd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFGWnVIa2xmQWRmQWtJVi1YamU2enlPLTF5NmlMQXRUczlzWW4zYWtDc2ZUTUtrWWR5TTlDM3M1Sn
piWHlIamJybEFqT3RGeXQtSGtYdDUyZHZXdzdfQjdqdkNKcWdWRGt5bUlSR1ZWcVpXRTJrNFlMLVM5RzVpQ0tNRmhveHNTbXlHa1gyWlQyTUltOEQzVmtlNzJvdE1WcE
9PYUNiTGxPRWpPRVBPeXFzY2dxTjRnSHpWTXZZa200dlJNcGlLTldteGFNcWlleUFPM0YzV0oyREVOOVFGSEF6aGo2TWhSQ2NRUk50QmpoYzJvc0JDMmg2a280T1lhTm
9qV0VpOVNEUVg0djJ0UmU4VHFlTTBxYmtlUHctemhJSmt5b3hYbmZBR3lnekJLVHMtUjZ6bkVITjZLbEpmZUdkZTlmVlhFdnFDQUNvRFlQYUc5TGtJTklBZGxvYkkiLA
ogICJyZXNvdXJjZSI6ICJuZXctY2VydCIKfQ”,
“signature”: “UGmKS55rI5WPMjkBAUWDAgYCkf-yC_VIxy8_3C5WmZCLgGnJRQEuwPC8stS0_kOUdifOzk6_GS6b8B1EZeT7VKNQUsaRy5EQwiYSyZd_1dRpJUCw
9AaX0rPX-N41i-kH1BVMKJigrxNGVSxrw9xjt-ksrIh4zUICs0E-Hh9syrzVnjV0Wcw_R3s8UwEyDgYFsXT9Sp4NL5MgLkVovBg5z8ITOVSL5KTYEuE3MBZEeavJPIkm
xc1fyC9ilzINVgbgWjPAJkfCykAJsN_miqPwjjn4f5s6EWg1zK1WB-f77-sLbefvTw9hEcUti2OVt0blRnXYv-xu6-DBUUvjtPHIig”
}
2019-05-28 07:53:42,736:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 377, in _make_request
httplib_response = conn.getresponse(buffering=True)
TypeError: getresponse() got an unexpected keyword argument ‘buffering’

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 379, in _make_request
httplib_response = conn.getresponse()
File “/usr/lib/python3.5/http/client.py”, line 1197, in getresponse
response.begin()
File “/usr/lib/python3.5/http/client.py”, line 297, in begin
version, status, reason = self._read_status()
File “/usr/lib/python3.5/http/client.py”, line 258, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), “iso-8859-1”)
File “/usr/lib/python3.5/socket.py”, line 575, in readinto
return self._sock.recv_into(b)
File “/usr/lib/python3.5/ssl.py”, line 929, in recv_into
return self.read(nbytes, buffer)
File “/usr/lib/python3.5/ssl.py”, line 791, in read
return self._sslobj.read(len, buffer)
File “/usr/lib/python3.5/ssl.py”, line 575, in read
v = self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 376, in send
timeout=timeout
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 610, in urlopen
_stacktrace=sys.exc_info()[2])
File “/usr/lib/python3/dist-packages/urllib3/util/retry.py”, line 247, in increment
raise six.reraise(type(error), error, _stacktrace)
File “/usr/lib/python3/dist-packages/six.py”, line 693, in reraise
raise value
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 560, in urlopen
body=body, headers=headers)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 381, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 309, in _raise_timeout
raise ReadTimeoutError(self, url, “Read timed out. (read timeout=%s)” % timeout_value)
requests.packages.urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Read
timed out. (read timeout=45)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1250, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 369, in obtain_certificate
cert, chain = self.obtain_certificate_from_csr(csr, orderr)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 301, in obtain_certificate_from_csr
orderr = self.acme.finalize_order(orderr, deadline)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 908, in finalize_order
return self.client.finalize_order(orderr, deadline)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 734, in finalize_order
self._post(orderr.body.finalize, wrapped_csr)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 95, in _post
return self.net.post(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1185, in post
return self._post_once(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1201, in _post_once
response = self._send_request(‘POST’, url, data=data, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1101, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 468, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 576, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 449, in send
raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Read timed out. (read timeo
ut=45)
2019-05-28 07:53:42,741:ERROR:certbot.log:An unexpected error occurred:

No any requests for input from certbot.
Here log:

2019-05-28 07:52:56,463:DEBUG:certbot.main:certbot version: 0.31.0
2019-05-28 07:52:56,465:DEBUG:certbot.main:Arguments: [’–webroot’, ‘-w’, ‘/var/www/nextcloud’, ‘-d’, ‘cloud.rempm.ru’]
2019-05-28 07:52:56,465:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,P
luginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-05-28 07:52:56,478:DEBUG:certbot.log:Root logging level set at 20
2019-05-28 07:52:56,479:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-05-28 07:52:56,480:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2019-05-28 07:52:56,480:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7faf77d109b0>
Prep: True
2019-05-28 07:52:56,482:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at
0x7faf77d109b0> and installer None
2019-05-28 07:52:56,482:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2019-05-28 07:52:56,511:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(uri=‘https://acme-v02.api.letsencrypt.o
rg/acme/acct/57900409’, terms_of_service=None, body=Registration(key=None, agreement=None, terms_of_service_agreed=None, status=
None, contact=(), external_account_binding=None, only_return_existing=None), new_authzr_uri=None), b5d21b3621958dcb9943034a05d7d
934, Meta(creation_dt=datetime.datetime(2019, 5, 27, 17, 20, 27, tzinfo=), creation_host=‘klg-srv-cloud.kprmz.ru’))>
2019-05-28 07:52:56,513:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-05-28 07:52:56,516:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencryp
t.org
2019-05-28 07:52:56,868:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 658
2019-05-28 07:52:56,869:DEBUG:acme.client:Received response:
HTTP 200
Content-Length: 658
Connection: keep-alive
Content-Type: application/json
Expires: Tue, 28 May 2019 04:52:56 GMT
Date: Tue, 28 May 2019 04:52:56 GMT
Server: nginx
Cache-Control: max-age=0, no-cache, no-store
Strict-Transport-Security: max-age=604800
X-Frame-Options: DENY
Pragma: no-cache

{
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“pvjhBJGioZ4”: “Adding random entries to the directory”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert
}
2019-05-28 07:52:56,869:INFO:certbot.main:Obtaining a new certificate
2019-05-28 07:52:57,001:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0013_key-certbot.pem
2019-05-28 07:52:57,006:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0013_csr-certbot.pem
2019-05-28 07:52:57,008:DEBUG:acme.client:Requesting fresh nonce
2019-05-28 07:52:57,008:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2019-05-28 07:52:57,234:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-nonce HTTP/1.1” 200 0
2019-05-28 07:52:57,235:DEBUG:acme.client:Received response:
HTTP 200
Content-Length: 0
Replay-Nonce: KbwNNXrdmW8Pv1DPNKkV0p7ymk4A-72kwihwodJQOqM
Connection: keep-alive
Expires: Tue, 28 May 2019 04:52:57 GMT
Date: Tue, 28 May 2019 04:52:57 GMT
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Server: nginx
Cache-Control: max-age=0, no-cache, no-store
Strict-Transport-Security: max-age=604800
X-Frame-Options: DENY
Pragma: no-cache

2019-05-28 07:52:57,235:DEBUG:acme.client:Storing nonce: KbwNNXrdmW8Pv1DPNKkV0p7ymk4A-72kwihwodJQOqM
2019-05-28 07:52:57,236:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “cloud.rempm.ru”\n }\n ]\n}’
2019-05-28 07:52:57,239:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUt
djAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzU3OTAwNDA5IiwgIm5vbmNlIjogIktid05OWHJkbVc4UHYxRFBOS2tWMHA3eW1rNEEtNzJrd2lod29kSlFP
cU0iLCAiYWxnIjogIlJTMjU2In0”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImNsb3VkLnJlbXBtLnJ1IgogICAgfQ
ogIF0KfQ”,
“signature”: “pI17JBK9IlpHHUb9_jAovQImJaUajzFVkLQS5y36HXdNHILsjBA7vN3cirvL0UTu7wn2qyvrd7kDGXK19RrgE76GKwWKheWfQHJKMx44acU3XmBF
zA9qcqHNnHQbdea0J-aESZir-iGFFXlPBHEid3Gy8892ZqAQcHq-E781uxiIYDCnp-u_VTyUbaTy_aTYHr2Zacoi0vWB0ntJNcsRnwTauc8rf2ObYcCjYmaIu1w0mwsz
qz5v1UajVkmLBmHK-eKNpHEh_SjUGzq2Hpx_3rLoHXIWRgXOemoj0mDoTKJatnmckHCIo-rbd9M-QSDlSHPYbv4HZijIxwz10yenuw”
}
2019-05-28 07:52:57,458:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-order HTTP/1.1” 201 361
2019-05-28 07:52:57,459:DEBUG:acme.client:Received response:
HTTP 201
Boulder-Requester: 57900409
Date: Tue, 28 May 2019 04:52:57 GMT
X-Frame-Options: DENY
Cache-Control: max-age=0, no-cache, no-store
Content-Type: application/json
Pragma: no-cache
Location: https://acme-v02.api.letsencrypt.org/acme/order/57900409/474702749
Connection: keep-alive
Expires: Tue, 28 May 2019 04:52:57 GMT
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Server: nginx
Replay-Nonce: RuUAQMaaJ54WqisMFglxcGmIGa-BFalY5Z3L6M_rQ3g
Strict-Transport-Security: max-age=604800
Content-Length: 361

{
“status”: “ready”,
“expires”: “2019-06-03T17:20:32Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “cloud.rempm.ru
}
],
“authorizations”: [
https://acme-v02.api.letsencrypt.org/acme/authz/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-ErflB58
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/57900409/474702749
}
2019-05-28 07:52:57,459:DEBUG:acme.client:Storing nonce: RuUAQMaaJ54WqisMFglxcGmIGa-BFalY5Z3L6M_rQ3g
2019-05-28 07:52:57,460:DEBUG:acme.client:JWS payload:
b’’
2019-05-28 07:52:57,462:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/pa5px-MKXRSPWo
GT44zVDcLCSlQhMJoiO5z-ErflB58:
{
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovcGE1cHgtTUtYUlNQV29HVDQ0elZEY0xDU2xR
aE1Kb2lPNXotRXJmbEI1OCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NzkwMDQwOSIsICJub25jZSI6ICJS
dVVBUU1hYUo1NFdxaXNNRmdseGNHbUlHYS1CRmFsWTVaM0w2TV9yUTNnIiwgImFsZyI6ICJSUzI1NiJ9”,
“payload”: “”,
“signature”: “i-HVNDfKu4huCMUwcyr5AnOXq6dLYcgAQNG0on108FcXaIATTGURdEEzCxoskJijb88x7Jg-nhGHGt6653sQbz93avLhfxM6jnraFpMYr9WApnKX
U6oITZ0wrrL6xrjRGkT5jVbClOFNQOn999DshPUG_HRAaJAWvavvjHR1D9nUxCwjFftY7C3fY6UXzTYbycgslAt9IMR_4DTqZvALVKct-9iXOlkl1Dd_CgL_vUz8aMmr
4D1YWOFnOwyD6ixrYETefjsOHZj3o1TDot4uMzOLzMW-osa-iComuY9gEQtyYjlZEo0WHzUKm7ZfMwkF-oToYROAY7eBV-4hy8tm0w”
}
2019-05-28 07:52:57,682:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/authz/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-Erf
lB58 HTTP/1.1” 200 1256
2019-05-28 07:52:57,683:DEBUG:acme.client:Received response:
HTTP 200
Boulder-Requester: 57900409
Date: Tue, 28 May 2019 04:52:57 GMT
X-Frame-Options: DENY
Cache-Control: max-age=0, no-cache, no-store
Content-Type: application/json
Pragma: no-cache
Connection: keep-alive
Expires: Tue, 28 May 2019 04:52:57 GMT
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Server: nginx
Replay-Nonce: 2nUmIcBn-3ulGSz-S9DxZ-q_LaDYqxdFaFgF1hafPRs
Strict-Transport-Security: max-age=604800
Content-Length: 1256

{
“identifier”: {
“type”: “dns”,
“value”: “cloud.rempm.ru
},
“status”: “valid”,
“expires”: “2019-06-26T17:20:38Z”,
“challenges”: [
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-ErflB58/16348497898”,
“token”: “GbgbTDK8pADiBNdq3PXlIItEd2MUEPOBDyShN0e5lU8”
},
{
“type”: “http-01”,
“status”: “valid”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-ErflB58/16348497899”,
“token”: “9cmyr7XaeoZwyA6ZEiEWju6uy3TnLqtdHkv1GTRTinc”,
“validationRecord”: [
{
“url”: “http://cloud.rempm.ru/.well-known/acme-challenge/9cmyr7XaeoZwyA6ZEiEWju6uy3TnLqtdHkv1GTRTinc”,
“hostname”: “cloud.rempm.ru”,
“port”: “80”,
“addressesResolved”: [
“80.245.249.252”
],
“addressUsed”: “80.245.249.252”
}
]
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-ErflB58/16348497900”,
“token”: “RvX9YzmfI8KIxNxeo-_5heQxTydAtr1abjLAb2X_Myc”
}
]
}
2019-05-28 07:52:57,683:DEBUG:acme.client:Storing nonce: 2nUmIcBn-3ulGSz-S9DxZ-q_LaDYqxdFaFgF1hafPRs
2019-05-28 07:52:57,684:DEBUG:certbot.client:CSR: CSR(file=’/etc/letsencrypt/csr/0013_csr-certbot.pem’, data=b’-----BEGIN CERTIF
ICATE REQUEST-----\nMIICcTCCAVkCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP9\ngY9MCgYBQWX51YwrskavIwaFAFJxw8OG1x72xOe1GT
W/Rvd4b5o5bdpseDXJumg1\nbUEUvqRZTNR4QAUpILa6/pq2TEjBDwzs6uj2gFaHzS4I5jXQ8xOnfV0aNWk/shzw\nAiSEg4zXS0ZVBsUA1fjxYaJes00A/7e7iuERr7
XqJr7ZAAMtd0T7UmZDvrLWSOBM\n0EZDX6C9L91afOKe5/bExRcPGBXvGYTMBPK4EyujttctF4wJzhCh3h6t+Ui5IKxq\nJYfGK5A2IRwuvG1a2PCifRjT4vAO0aZPRh
KNytk0W8ychEdCRiJzcUZwD73rTljd\n4mQ4Ram7Yjib0RhWxm8CAwEAAaAsMCoGCSqGSIb3DQEJDjEdMBswGQYDVR0RBBIw\nEIIOY2xvdWQucmVtcG0ucnUwDQYJKo
ZIhvcNAQELBQADggEBAFZuHklfAdfAkIV+\nXje6zyO+1y6iLAtTs9sYn3akCsfTMKkYdyM9C3s5JzbXyHjbrlAjOtFyt+HkXt52\ndvWw7/B7jvCJqgVDkymIRGVVqZ
WE2k4YL+S9G5iCKMFhoxsSmyGkX2ZT2MIm8D3V\nke72otMVpOOaCbLlOEjOEPOyqscgqN4gHzVMvYkm4vRMpiKNWmxaMqieyAO3F3WJ\n2DEN9QFHAzhj6MhRCcQRNt
Bjhc2osBC2h6ko4OYaNojWEi9SDQX4v2tRe8TqeM0q\nbkePw+zhIJkyoxXnfAGygzBKTs+R6znEHN6KlJfeGde9fVXEvqCACoDYPaG9LkIN\nIAdlobI=\n-----END
CERTIFICATE REQUEST-----\n’, form=‘pem’)
2019-05-28 07:52:57,685:DEBUG:acme.client:JWS payload:
b’{\n “csr”: “MIICcTCCAVkCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP9gY9MCgYBQWX51YwrskavIwaFAFJxw8OG1x72xOe1GTW_Rvd4b
5o5bdpseDXJumg1bUEUvqRZTNR4QAUpILa6_pq2TEjBDwzs6uj2gFaHzS4I5jXQ8xOnfV0aNWk_shzwAiSEg4zXS0ZVBsUA1fjxYaJes00A_7e7iuERr7XqJr7ZAAMtd
0T7UmZDvrLWSOBM0EZDX6C9L91afOKe5_bExRcPGBXvGYTMBPK4EyujttctF4wJzhCh3h6t-Ui5IKxqJYfGK5A2IRwuvG1a2PCifRjT4vAO0aZPRhKNytk0W8ychEdCR
iJzcUZwD73rTljd4mQ4Ram7Yjib0RhWxm8CAwEAAaAsMCoGCSqGSIb3DQEJDjEdMBswGQYDVR0RBBIwEIIOY2xvdWQucmVtcG0ucnUwDQYJKoZIhvcNAQELBQADggEBA
FZuHklfAdfAkIV-Xje6zyO-1y6iLAtTs9sYn3akCsfTMKkYdyM9C3s5JzbXyHjbrlAjOtFyt-HkXt52dvWw7_B7jvCJqgVDkymIRGVVqZWE2k4YL-S9G5iCKMFhoxsSm
yGkX2ZT2MIm8D3Vke72otMVpOOaCbLlOEjOEPOyqscgqN4gHzVMvYkm4vRMpiKNWmxaMqieyAO3F3WJ2DEN9QFHAzhj6MhRCcQRNtBjhc2osBC2h6ko4OYaNojWEi9SD
QX4v2tRe8TqeM0qbkePw-zhIJkyoxXnfAGygzBKTs-R6znEHN6KlJfeGde9fVXEvqCACoDYPaG9LkINIAdlobI”,\n “resource”: “new-cert”\n}’
2019-05-28 07:52:57,688:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/57900409/47
4702749:
{
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvZmluYWxpemUvNTc5MDA0MDkvNDc0NzAyNzQ5IiwgImtp
ZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzU3OTAwNDA5IiwgIm5vbmNlIjogIjJuVW1JY0JuLTN1bEdTei1TOUR4Wi1x
X0xhRFlxeGRGYUZnRjFoYWZQUnMiLCAiYWxnIjogIlJTMjU2In0”,
“payload”: “ewogICJjc3IiOiAiTUlJQ2NUQ0NBVmtDQVFJd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5QOWdZOU1DZ1lCUV
dYNTFZd3Jza2F2SXdhRkFGSnh3OE9HMXg3MnhPZTFHVFdfUnZkNGI1bzViZHBzZURYSnVtZzFiVUVVdnFSWlROUjRRQVVwSUxhNl9wcTJURWpCRHd6czZ1ajJnRmFIel
M0STVqWFE4eE9uZlYwYU5Xa19zaHp3QWlTRWc0elhTMFpWQnNVQTFmanhZYUplczAwQV83ZTdpdUVScjdYcUpyN1pBQU10ZDBUN1VtWkR2ckxXU09CTTBFWkRYNkM5TD
kxYWZPS2U1X2JFeFJjUEdCWHZHWVRNQlBLNEV5dWp0dGN0RjR3SnpoQ2gzaDZ0LVVpNUlLeHFKWWZHSzVBMklSd3V2RzFhMlBDaWZSalQ0dkFPMGFaUFJoS055dGswVz
h5Y2hFZENSaUp6Y1Vad0Q3M3JUbGpkNG1RNFJhbTdZamliMFJoV3htOENBd0VBQWFBc01Db0dDU3FHU0liM0RRRUpEakVkTUJzd0dRWURWUjBSQkJJd0VJSU9ZMnh2ZF
dRdWNtVnRjRzB1Y25Vd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFGWnVIa2xmQWRmQWtJVi1YamU2enlPLTF5NmlMQXRUczlzWW4zYWtDc2ZUTUtrWWR5TTlDM3M1Sn
piWHlIamJybEFqT3RGeXQtSGtYdDUyZHZXdzdfQjdqdkNKcWdWRGt5bUlSR1ZWcVpXRTJrNFlMLVM5RzVpQ0tNRmhveHNTbXlHa1gyWlQyTUltOEQzVmtlNzJvdE1WcE
9PYUNiTGxPRWpPRVBPeXFzY2dxTjRnSHpWTXZZa200dlJNcGlLTldteGFNcWlleUFPM0YzV0oyREVOOVFGSEF6aGo2TWhSQ2NRUk50QmpoYzJvc0JDMmg2a280T1lhTm
9qV0VpOVNEUVg0djJ0UmU4VHFlTTBxYmtlUHctemhJSmt5b3hYbmZBR3lnekJLVHMtUjZ6bkVITjZLbEpmZUdkZTlmVlhFdnFDQUNvRFlQYUc5TGtJTklBZGxvYkkiLA
ogICJyZXNvdXJjZSI6ICJuZXctY2VydCIKfQ”,
“signature”: “UGmKS55rI5WPMjkBAUWDAgYCkf-yC_VIxy8_3C5WmZCLgGnJRQEuwPC8stS0_kOUdifOzk6_GS6b8B1EZeT7VKNQUsaRy5EQwiYSyZd_1dRpJUCw
9AaX0rPX-N41i-kH1BVMKJigrxNGVSxrw9xjt-ksrIh4zUICs0E-Hh9syrzVnjV0Wcw_R3s8UwEyDgYFsXT9Sp4NL5MgLkVovBg5z8ITOVSL5KTYEuE3MBZEeavJPIkm
xc1fyC9ilzINVgbgWjPAJkfCykAJsN_miqPwjjn4f5s6EWg1zK1WB-f77-sLbefvTw9hEcUti2OVt0blRnXYv-xu6-DBUUvjtPHIig”
}
2019-05-28 07:53:42,736:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 377, in _make_request
httplib_response = conn.getresponse(buffering=True)
TypeError: getresponse() got an unexpected keyword argument ‘buffering’

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 379, in _make_request
httplib_response = conn.getresponse()
File “/usr/lib/python3.5/http/client.py”, line 1197, in getresponse
response.begin()
File “/usr/lib/python3.5/http/client.py”, line 297, in begin
version, status, reason = self._read_status()
File “/usr/lib/python3.5/http/client.py”, line 258, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), “iso-8859-1”)
File “/usr/lib/python3.5/socket.py”, line 575, in readinto
return self._sock.recv_into(b)
File “/usr/lib/python3.5/ssl.py”, line 929, in recv_into
return self.read(nbytes, buffer)
File “/usr/lib/python3.5/ssl.py”, line 791, in read
return self._sslobj.read(len, buffer)
File “/usr/lib/python3.5/ssl.py”, line 575, in read
v = self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 376, in send
timeout=timeout
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 610, in urlopen
_stacktrace=sys.exc_info()[2])
File “/usr/lib/python3/dist-packages/urllib3/util/retry.py”, line 247, in increment
raise six.reraise(type(error), error, _stacktrace)
File “/usr/lib/python3/dist-packages/six.py”, line 693, in reraise
raise value
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 560, in urlopen
body=body, headers=headers)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 381, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 309, in _raise_timeout
raise ReadTimeoutError(self, url, “Read timed out. (read timeout=%s)” % timeout_value)
requests.packages.urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Read
timed out. (read timeout=45)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1250, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 369, in obtain_certificate
cert, chain = self.obtain_certificate_from_csr(csr, orderr)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 301, in obtain_certificate_from_csr
orderr = self.acme.finalize_order(orderr, deadline)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 908, in finalize_order
return self.client.finalize_order(orderr, deadline)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 734, in finalize_order
self._post(orderr.body.finalize, wrapped_csr)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 95, in _post
return self.net.post(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1185, in post
return self._post_once(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1201, in _post_once
response = self._send_request(‘POST’, url, data=data, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1101, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 468, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 576, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 449, in send
raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Read timed out. (read timeo
ut=45)
2019-05-28 07:53:42,741:ERROR:certbot.log:An unexpected error occurred:

Your situation looks like one that I’ve seen occasionally from other users for a couple of years, where large POST requests (such as those containing a CSR) to the Akamai CDN in front of the Let’s Encrypt service, just time out.

Unfortunately I don’t know of a permanent solution, but you can try verify whether it’s the case by trying a different IP address to access the API server.

This can be done by modifying /etc/hosts with e.g.:

104.99.248.78 acme-v02.api.letsencrypt.org

You can also try 104.107.50.145.

Keep in mind this isn’t a workable long-term workaround, since the IP addresses will change eventually.

If neither of those work, you can also try lowering your network interface MTU. That worked for one person who suffered from this problem.

ifconfig eth0 mtu 1300
3 Likes

Thank you!
ifconfig eth0 mtu 1300 - solved the problem

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.