Cannot get new certificate, readtimeout error

rufless · May 27, 2019, 7:01pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cloud.rempm.ru

I ran this command: certbot certonly --webroot -w /var/www/nextcloud -d cloud.rempm.ru

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
An unexpected error occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 377, in _make_request
httplib_response = conn.getresponse(buffering=True)
TypeError: getresponse() got an unexpected keyword argument ‘buffering’

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 379, in _make_request
httplib_response = conn.getresponse()
File “/usr/lib/python3.5/http/client.py”, line 1197, in getresponse
response.begin()
File “/usr/lib/python3.5/http/client.py”, line 297, in begin
version, status, reason = self._read_status()
File “/usr/lib/python3.5/http/client.py”, line 258, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), “iso-8859-1”)
File “/usr/lib/python3.5/socket.py”, line 575, in readinto
return self._sock.recv_into(b)
File “/usr/lib/python3.5/ssl.py”, line 929, in recv_into
return self.read(nbytes, buffer)
File “/usr/lib/python3.5/ssl.py”, line 791, in read
return self._sslobj.read(len, buffer)
File “/usr/lib/python3.5/ssl.py”, line 575, in read
v = self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 376, in send
timeout=timeout
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 610, in urlopen
_stacktrace=sys.exc_info()[2])
File “/usr/lib/python3/dist-packages/urllib3/util/retry.py”, line 247, in increment
raise six.reraise(type(error), error, _stacktrace)
File “/usr/lib/python3/dist-packages/six.py”, line 693, in reraise
raise value
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 560, in urlopen
body=body, headers=headers)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 381, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 309, in _raise_timeout
raise ReadTimeoutError(self, url, “Read timed out. (read timeout=%s)” % timeout_value)
requests.packages.urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Read timed out. (read timeout=45)

During handling of the above exception, another exception occurred:

requests.exceptions.ReadTimeout: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version): ubuntu 16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

JuergenAuer · May 27, 2019, 7:47pm

Hi @rufless

are you sure your Certbot can talk with Letsencrypt?

What says

curl https://acme-v02.api.letsencrypt.org/

rufless · May 27, 2019, 7:53pm

Hi
varnikovai@klg-srv-cloud:~$ curl https://acme-v02.api.letsencrypt.org/

Boulder: The Let's Encrypt CA

  <div class="col-xs-6 text-left">
    <h1>Boulder<br>
    <small>The Let's Encrypt CA</small></h1>
  </div>
</div>

<div class="row">
  <div class="col-xs-8 col-xs-offset-2 text-center">
    <h3>This is an <a href="https://github.com/letsencrypt/acme-spec/">ACME</a> Certificate Authority running <a href="https://github.com/letsencrypt/boulder">Boulder</a>.</h3>
    <p>This is a <em>programmatic</em> endpoint, an API for a computer to talk to. You should probably be using a specialized client to utilize the service, and not your web browser. See <a href="https://letsencrypt.org/"><tt>https://letsencrypt.org/</tt></a> for help.</p>
    <p>If you're trying to use this service, note that the starting point, <em>the directory</em>, is available at this URL: <a href="https://acme-v02.api.letsencrypt.org/directory"><tt>https://acme-v02.api.letsencrypt.org/directory</a></tt>.</p>
  </div>
</div>
<div class="row">
  <div class="col-xs-4 col-xs-offset-2 text-center">
    <p><a href="https://letsencrypt.status.io" title="Twitter">
      <i class="fa fa-area-chart"></i>
      Service Status (letsencrypt.status.io)
    </a></p>
  </div>
  <div class="col-xs-4 text-center">
    <p><a href="https://twitter.com/letsencrypt" title="Twitter">
      <i class="fa fa-twitter"></i>
      Check with us on Twitter
    </a></p>
  </div>
</div> <!-- row -->

JuergenAuer · May 27, 2019, 7:58pm

Ok, your server can talk with Letsencrypt. Are you sure this isn’t a temporary problem?

Or is your configuration inconsistent?

rufless · May 27, 2019, 8:05pm

I think that this is not a temporary problem. I tried to generate new certificate a several days in a row.
How can I test my configuration?

JuergenAuer · May 27, 2019, 9:02pm

Good question. I'm not so firm with these errors.

Are you sure

Certbot doesn't wait for your input?

Share that.

rufless · May 28, 2019, 5:20am

No requests for input from certbot.
Here /var/log/letsencrypt:

2019-05-28 07:52:56,463:DEBUG:certbot.main:certbot version: 0.31.0
2019-05-28 07:52:56,465:DEBUG:certbot.main:Arguments: [’–webroot’, ‘-w’, ‘/var/www/nextcloud’, ‘-d’, ‘cloud.rempm.ru’]
2019-05-28 07:52:56,465:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,P
luginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-05-28 07:52:56,478:DEBUG:certbot.log:Root logging level set at 20
2019-05-28 07:52:56,479:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-05-28 07:52:56,480:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2019-05-28 07:52:56,480:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7faf77d109b0>
Prep: True
2019-05-28 07:52:56,482:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at
0x7faf77d109b0> and installer None
2019-05-28 07:52:56,482:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2019-05-28 07:52:56,511:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(uri=‘https://acme-v02.api.letsencrypt.o
rg/acme/acct/57900409’, terms_of_service=None, body=Registration(key=None, agreement=None, terms_of_service_agreed=None, status=
None, contact=(), external_account_binding=None, only_return_existing=None), new_authzr_uri=None), b5d21b3621958dcb9943034a05d7d
934, Meta(creation_dt=datetime.datetime(2019, 5, 27, 17, 20, 27, tzinfo=), creation_host=‘klg-srv-cloud.kprmz.ru’))>
2019-05-28 07:52:56,513:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-05-28 07:52:56,516:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencryp
t.org
2019-05-28 07:52:56,868:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 658
2019-05-28 07:52:56,869:DEBUG:acme.client:Received response:
HTTP 200
Content-Length: 658
Connection: keep-alive
Content-Type: application/json
Expires: Tue, 28 May 2019 04:52:56 GMT
Date: Tue, 28 May 2019 04:52:56 GMT
Server: nginx
Cache-Control: max-age=0, no-cache, no-store
Strict-Transport-Security: max-age=604800
X-Frame-Options: DENY
Pragma: no-cache

{
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org”
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“pvjhBJGioZ4”: “Adding random entries to the directory”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert”
}

rufless · May 28, 2019, 5:22am

Second part of log:
2019-05-28 07:52:56,869:INFO:certbot.main:Obtaining a new certificate
2019-05-28 07:52:57,001:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0013_key-certbot.pem
2019-05-28 07:52:57,006:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0013_csr-certbot.pem
2019-05-28 07:52:57,008:DEBUG:acme.client:Requesting fresh nonce
2019-05-28 07:52:57,008:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2019-05-28 07:52:57,234:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-nonce HTTP/1.1” 200 0
2019-05-28 07:52:57,235:DEBUG:acme.client:Received response:
HTTP 200
Content-Length: 0
Replay-Nonce: KbwNNXrdmW8Pv1DPNKkV0p7ymk4A-72kwihwodJQOqM
Connection: keep-alive
Expires: Tue, 28 May 2019 04:52:57 GMT
Date: Tue, 28 May 2019 04:52:57 GMT
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Server: nginx
Cache-Control: max-age=0, no-cache, no-store
Strict-Transport-Security: max-age=604800
X-Frame-Options: DENY
Pragma: no-cache

2019-05-28 07:52:57,235:DEBUG:acme.client:Storing nonce: KbwNNXrdmW8Pv1DPNKkV0p7ymk4A-72kwihwodJQOqM
2019-05-28 07:52:57,236:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “cloud.rempm.ru”\n }\n ]\n}’
2019-05-28 07:52:57,239:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUt
djAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzU3OTAwNDA5IiwgIm5vbmNlIjogIktid05OWHJkbVc4UHYxRFBOS2tWMHA3eW1rNEEtNzJrd2lod29kSlFP
cU0iLCAiYWxnIjogIlJTMjU2In0”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImNsb3VkLnJlbXBtLnJ1IgogICAgfQ
ogIF0KfQ”,
“signature”: “pI17JBK9IlpHHUb9_jAovQImJaUajzFVkLQS5y36HXdNHILsjBA7vN3cirvL0UTu7wn2qyvrd7kDGXK19RrgE76GKwWKheWfQHJKMx44acU3XmBF
zA9qcqHNnHQbdea0J-aESZir-iGFFXlPBHEid3Gy8892ZqAQcHq-E781uxiIYDCnp-u_VTyUbaTy_aTYHr2Zacoi0vWB0ntJNcsRnwTauc8rf2ObYcCjYmaIu1w0mwsz
qz5v1UajVkmLBmHK-eKNpHEh_SjUGzq2Hpx_3rLoHXIWRgXOemoj0mDoTKJatnmckHCIo-rbd9M-QSDlSHPYbv4HZijIxwz10yenuw”
}
2019-05-28 07:52:57,458:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-order HTTP/1.1” 201 361
2019-05-28 07:52:57,459:DEBUG:acme.client:Received response:
HTTP 201
Boulder-Requester: 57900409
Date: Tue, 28 May 2019 04:52:57 GMT
X-Frame-Options: DENY
Cache-Control: max-age=0, no-cache, no-store
Content-Type: application/json
Pragma: no-cache
Location: https://acme-v02.api.letsencrypt.org/acme/order/57900409/474702749
Connection: keep-alive
Expires: Tue, 28 May 2019 04:52:57 GMT
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Server: nginx
Replay-Nonce: RuUAQMaaJ54WqisMFglxcGmIGa-BFalY5Z3L6M_rQ3g
Strict-Transport-Security: max-age=604800
Content-Length: 361

{
“status”: “ready”,
“expires”: “2019-06-03T17:20:32Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “cloud.rempm.ru”
}
],
“authorizations”: [
“https://acme-v02.api.letsencrypt.org/acme/authz/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-ErflB58”
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/57900409/474702749”
}
2019-05-28 07:52:57,459:DEBUG:acme.client:Storing nonce: RuUAQMaaJ54WqisMFglxcGmIGa-BFalY5Z3L6M_rQ3g
2019-05-28 07:52:57,460:DEBUG:acme.client:JWS payload:
b’’
2019-05-28 07:52:57,462:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/pa5px-MKXRSPWo
GT44zVDcLCSlQhMJoiO5z-ErflB58:
{
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHovcGE1cHgtTUtYUlNQV29HVDQ0elZEY0xDU2xR
aE1Kb2lPNXotRXJmbEI1OCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NzkwMDQwOSIsICJub25jZSI6ICJS
dVVBUU1hYUo1NFdxaXNNRmdseGNHbUlHYS1CRmFsWTVaM0w2TV9yUTNnIiwgImFsZyI6ICJSUzI1NiJ9”,
“payload”: “”,
“signature”: “i-HVNDfKu4huCMUwcyr5AnOXq6dLYcgAQNG0on108FcXaIATTGURdEEzCxoskJijb88x7Jg-nhGHGt6653sQbz93avLhfxM6jnraFpMYr9WApnKX
U6oITZ0wrrL6xrjRGkT5jVbClOFNQOn999DshPUG_HRAaJAWvavvjHR1D9nUxCwjFftY7C3fY6UXzTYbycgslAt9IMR_4DTqZvALVKct-9iXOlkl1Dd_CgL_vUz8aMmr
4D1YWOFnOwyD6ixrYETefjsOHZj3o1TDot4uMzOLzMW-osa-iComuY9gEQtyYjlZEo0WHzUKm7ZfMwkF-oToYROAY7eBV-4hy8tm0w”
}
2019-05-28 07:52:57,682:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/authz/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-Erf
lB58 HTTP/1.1” 200 1256
2019-05-28 07:52:57,683:DEBUG:acme.client:Received response:
HTTP 200
Boulder-Requester: 57900409
Date: Tue, 28 May 2019 04:52:57 GMT
X-Frame-Options: DENY
Cache-Control: max-age=0, no-cache, no-store
Content-Type: application/json
Pragma: no-cache
Connection: keep-alive
Expires: Tue, 28 May 2019 04:52:57 GMT
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Server: nginx
Replay-Nonce: 2nUmIcBn-3ulGSz-S9DxZ-q_LaDYqxdFaFgF1hafPRs
Strict-Transport-Security: max-age=604800
Content-Length: 1256

{
“identifier”: {
“type”: “dns”,
“value”: “cloud.rempm.ru”
},
“status”: “valid”,
“expires”: “2019-06-26T17:20:38Z”,
“challenges”: [
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-ErflB58/16348497898”,
“token”: “GbgbTDK8pADiBNdq3PXlIItEd2MUEPOBDyShN0e5lU8”
},
{
“type”: “http-01”,
“status”: “valid”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-ErflB58/16348497899”,
“token”: “9cmyr7XaeoZwyA6ZEiEWju6uy3TnLqtdHkv1GTRTinc”,
“validationRecord”: [
{
“url”: “http://cloud.rempm.ru/.well-known/acme-challenge/9cmyr7XaeoZwyA6ZEiEWju6uy3TnLqtdHkv1GTRTinc”,
“hostname”: “cloud.rempm.ru”,
“port”: “80”,
“addressesResolved”: [
“80.245.249.252”
],
“addressUsed”: “80.245.249.252”
}
]
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/pa5px-MKXRSPWoGT44zVDcLCSlQhMJoiO5z-ErflB58/16348497900”,
“token”: “RvX9YzmfI8KIxNxeo-_5heQxTydAtr1abjLAb2X_Myc”
}
]
}
2019-05-28 07:52:57,683:DEBUG:acme.client:Storing nonce: 2nUmIcBn-3ulGSz-S9DxZ-q_LaDYqxdFaFgF1hafPRs
2019-05-28 07:52:57,684:DEBUG:certbot.client:CSR: CSR(file=’/etc/letsencrypt/csr/0013_csr-certbot.pem’, data=b’-----BEGIN CERTIF
ICATE REQUEST-----\nMIICcTCCAVkCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP9\ngY9MCgYBQWX51YwrskavIwaFAFJxw8OG1x72xOe1GT
W/Rvd4b5o5bdpseDXJumg1\nbUEUvqRZTNR4QAUpILa6/pq2TEjBDwzs6uj2gFaHzS4I5jXQ8xOnfV0aNWk/shzw\nAiSEg4zXS0ZVBsUA1fjxYaJes00A/7e7iuERr7
XqJr7ZAAMtd0T7UmZDvrLWSOBM\n0EZDX6C9L91afOKe5/bExRcPGBXvGYTMBPK4EyujttctF4wJzhCh3h6t+Ui5IKxq\nJYfGK5A2IRwuvG1a2PCifRjT4vAO0aZPRh
KNytk0W8ychEdCRiJzcUZwD73rTljd\n4mQ4Ram7Yjib0RhWxm8CAwEAAaAsMCoGCSqGSIb3DQEJDjEdMBswGQYDVR0RBBIw\nEIIOY2xvdWQucmVtcG0ucnUwDQYJKo
ZIhvcNAQELBQADggEBAFZuHklfAdfAkIV+\nXje6zyO+1y6iLAtTs9sYn3akCsfTMKkYdyM9C3s5JzbXyHjbrlAjOtFyt+HkXt52\ndvWw7/B7jvCJqgVDkymIRGVVqZ
WE2k4YL+S9G5iCKMFhoxsSmyGkX2ZT2MIm8D3V\nke72otMVpOOaCbLlOEjOEPOyqscgqN4gHzVMvYkm4vRMpiKNWmxaMqieyAO3F3WJ\n2DEN9QFHAzhj6MhRCcQRNt
Bjhc2osBC2h6ko4OYaNojWEi9SDQX4v2tRe8TqeM0q\nbkePw+zhIJkyoxXnfAGygzBKTs+R6znEHN6KlJfeGde9fVXEvqCACoDYPaG9LkIN\nIAdlobI=\n-----END
CERTIFICATE REQUEST-----\n’, form=‘pem’)
2019-05-28 07:52:57,685:DEBUG:acme.client:JWS payload:
b’{\n “csr”: “MIICcTCCAVkCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP9gY9MCgYBQWX51YwrskavIwaFAFJxw8OG1x72xOe1GTW_Rvd4b
5o5bdpseDXJumg1bUEUvqRZTNR4QAUpILa6_pq2TEjBDwzs6uj2gFaHzS4I5jXQ8xOnfV0aNWk_shzwAiSEg4zXS0ZVBsUA1fjxYaJes00A_7e7iuERr7XqJr7ZAAMtd
0T7UmZDvrLWSOBM0EZDX6C9L91afOKe5_bExRcPGBXvGYTMBPK4EyujttctF4wJzhCh3h6t-Ui5IKxqJYfGK5A2IRwuvG1a2PCifRjT4vAO0aZPRhKNytk0W8ychEdCR
iJzcUZwD73rTljd4mQ4Ram7Yjib0RhWxm8CAwEAAaAsMCoGCSqGSIb3DQEJDjEdMBswGQYDVR0RBBIwEIIOY2xvdWQucmVtcG0ucnUwDQYJKoZIhvcNAQELBQADggEBA
FZuHklfAdfAkIV-Xje6zyO-1y6iLAtTs9sYn3akCsfTMKkYdyM9C3s5JzbXyHjbrlAjOtFyt-HkXt52dvWw7_B7jvCJqgVDkymIRGVVqZWE2k4YL-S9G5iCKMFhoxsSm
yGkX2ZT2MIm8D3Vke72otMVpOOaCbLlOEjOEPOyqscgqN4gHzVMvYkm4vRMpiKNWmxaMqieyAO3F3WJ2DEN9QFHAzhj6MhRCcQRNtBjhc2osBC2h6ko4OYaNojWEi9SD
QX4v2tRe8TqeM0qbkePw-zhIJkyoxXnfAGygzBKTs-R6znEHN6KlJfeGde9fVXEvqCACoDYPaG9LkINIAdlobI”,\n “resource”: “new-cert”\n}’
2019-05-28 07:52:57,688:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/57900409/47
4702749:
{
“protected”: “eyJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvZmluYWxpemUvNTc5MDA0MDkvNDc0NzAyNzQ5IiwgImtp
ZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzU3OTAwNDA5IiwgIm5vbmNlIjogIjJuVW1JY0JuLTN1bEdTei1TOUR4Wi1x
X0xhRFlxeGRGYUZnRjFoYWZQUnMiLCAiYWxnIjogIlJTMjU2In0”,
“payload”: “ewogICJjc3IiOiAiTUlJQ2NUQ0NBVmtDQVFJd0FEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5QOWdZOU1DZ1lCUV
dYNTFZd3Jza2F2SXdhRkFGSnh3OE9HMXg3MnhPZTFHVFdfUnZkNGI1bzViZHBzZURYSnVtZzFiVUVVdnFSWlROUjRRQVVwSUxhNl9wcTJURWpCRHd6czZ1ajJnRmFIel
M0STVqWFE4eE9uZlYwYU5Xa19zaHp3QWlTRWc0elhTMFpWQnNVQTFmanhZYUplczAwQV83ZTdpdUVScjdYcUpyN1pBQU10ZDBUN1VtWkR2ckxXU09CTTBFWkRYNkM5TD
kxYWZPS2U1X2JFeFJjUEdCWHZHWVRNQlBLNEV5dWp0dGN0RjR3SnpoQ2gzaDZ0LVVpNUlLeHFKWWZHSzVBMklSd3V2RzFhMlBDaWZSalQ0dkFPMGFaUFJoS055dGswVz
h5Y2hFZENSaUp6Y1Vad0Q3M3JUbGpkNG1RNFJhbTdZamliMFJoV3htOENBd0VBQWFBc01Db0dDU3FHU0liM0RRRUpEakVkTUJzd0dRWURWUjBSQkJJd0VJSU9ZMnh2ZF
dRdWNtVnRjRzB1Y25Vd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFGWnVIa2xmQWRmQWtJVi1YamU2enlPLTF5NmlMQXRUczlzWW4zYWtDc2ZUTUtrWWR5TTlDM3M1Sn
piWHlIamJybEFqT3RGeXQtSGtYdDUyZHZXdzdfQjdqdkNKcWdWRGt5bUlSR1ZWcVpXRTJrNFlMLVM5RzVpQ0tNRmhveHNTbXlHa1gyWlQyTUltOEQzVmtlNzJvdE1WcE
9PYUNiTGxPRWpPRVBPeXFzY2dxTjRnSHpWTXZZa200dlJNcGlLTldteGFNcWlleUFPM0YzV0oyREVOOVFGSEF6aGo2TWhSQ2NRUk50QmpoYzJvc0JDMmg2a280T1lhTm
9qV0VpOVNEUVg0djJ0UmU4VHFlTTBxYmtlUHctemhJSmt5b3hYbmZBR3lnekJLVHMtUjZ6bkVITjZLbEpmZUdkZTlmVlhFdnFDQUNvRFlQYUc5TGtJTklBZGxvYkkiLA
ogICJyZXNvdXJjZSI6ICJuZXctY2VydCIKfQ”,
“signature”: “UGmKS55rI5WPMjkBAUWDAgYCkf-yC_VIxy8_3C5WmZCLgGnJRQEuwPC8stS0_kOUdifOzk6_GS6b8B1EZeT7VKNQUsaRy5EQwiYSyZd_1dRpJUCw
9AaX0rPX-N41i-kH1BVMKJigrxNGVSxrw9xjt-ksrIh4zUICs0E-Hh9syrzVnjV0Wcw_R3s8UwEyDgYFsXT9Sp4NL5MgLkVovBg5z8ITOVSL5KTYEuE3MBZEeavJPIkm
xc1fyC9ilzINVgbgWjPAJkfCykAJsN_miqPwjjn4f5s6EWg1zK1WB-f77-sLbefvTw9hEcUti2OVt0blRnXYv-xu6-DBUUvjtPHIig”
}
2019-05-28 07:53:42,736:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 377, in _make_request
httplib_response = conn.getresponse(buffering=True)
TypeError: getresponse() got an unexpected keyword argument ‘buffering’

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 379, in _make_request
httplib_response = conn.getresponse()
File “/usr/lib/python3.5/http/client.py”, line 1197, in getresponse
response.begin()
File “/usr/lib/python3.5/http/client.py”, line 297, in begin
version, status, reason = self._read_status()
File “/usr/lib/python3.5/http/client.py”, line 258, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), “iso-8859-1”)
File “/usr/lib/python3.5/socket.py”, line 575, in readinto
return self._sock.recv_into(b)
File “/usr/lib/python3.5/ssl.py”, line 929, in recv_into
return self.read(nbytes, buffer)
File “/usr/lib/python3.5/ssl.py”, line 791, in read
return self._sslobj.read(len, buffer)
File “/usr/lib/python3.5/ssl.py”, line 575, in read
v = self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 376, in send
timeout=timeout
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 610, in urlopen
_stacktrace=sys.exc_info()[2])
File “/usr/lib/python3/dist-packages/urllib3/util/retry.py”, line 247, in increment
raise six.reraise(type(error), error, _stacktrace)
File “/usr/lib/python3/dist-packages/six.py”, line 693, in reraise
raise value
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 560, in urlopen
body=body, headers=headers)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 381, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 309, in _raise_timeout
raise ReadTimeoutError(self, url, “Read timed out. (read timeout=%s)” % timeout_value)
requests.packages.urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Read
timed out. (read timeout=45)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1250, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 369, in obtain_certificate
cert, chain = self.obtain_certificate_from_csr(csr, orderr)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 301, in obtain_certificate_from_csr
orderr = self.acme.finalize_order(orderr, deadline)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 908, in finalize_order
return self.client.finalize_order(orderr, deadline)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 734, in finalize_order
self._post(orderr.body.finalize, wrapped_csr)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 95, in _post
return self.net.post(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1185, in post
return self._post_once(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1201, in _post_once
response = self._send_request(‘POST’, url, data=data, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1101, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 468, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python3/dist-packages/requests/sessions.py”, line 576, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 449, in send
raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Read timed out. (read timeo
ut=45)
2019-05-28 07:53:42,741:ERROR:certbot.log:An unexpected error occurred:

rufless · May 28, 2019, 9:00am

No any requests for input from certbot.
Here log:

2019-05-28 07:52:56,463:DEBUG:certbot.main:certbot version: 0.31.0
2019-05-28 07:52:56,465:DEBUG:certbot.main:Arguments: [’–webroot’, ‘-w’, ‘/var/www/nextcloud’, ‘-d’, ‘cloud.rempm.ru’]
2019-05-28 07:52:56,465:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,P
luginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-05-28 07:52:56,478:DEBUG:certbot.log:Root logging level set at 20
2019-05-28 07:52:56,479:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-05-28 07:52:56,480:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2019-05-28 07:52:56,480:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7faf77d109b0>
Prep: True
2019-05-28 07:52:56,482:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at
0x7faf77d109b0> and installer None
2019-05-28 07:52:56,482:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2019-05-28 07:52:56,511:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(uri=‘https://acme-v02.api.letsencrypt.o
rg/acme/acct/57900409’, terms_of_service=None, body=Registration(key=None, agreement=None, terms_of_service_agreed=None, status=
None, contact=(), external_account_binding=None, only_return_existing=None), new_authzr_uri=None), b5d21b3621958dcb9943034a05d7d
934, Meta(creation_dt=datetime.datetime(2019, 5, 27, 17, 20, 27, tzinfo=), creation_host=‘klg-srv-cloud.kprmz.ru’))>
2019-05-28 07:52:56,513:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-05-28 07:52:56,516:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencryp
t.org
2019-05-28 07:52:56,868:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 658
2019-05-28 07:52:56,869:DEBUG:acme.client:Received response:
HTTP 200
Content-Length: 658
Connection: keep-alive
Content-Type: application/json
Expires: Tue, 28 May 2019 04:52:56 GMT
Date: Tue, 28 May 2019 04:52:56 GMT
Server: nginx
Cache-Control: max-age=0, no-cache, no-store
Strict-Transport-Security: max-age=604800
X-Frame-Options: DENY
Pragma: no-cache

{
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org”
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“pvjhBJGioZ4”: “Adding random entries to the directory”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert”
}
2019-05-28 07:52:56,869:INFO:certbot.main:Obtaining a new certificate
2019-05-28 07:52:57,001:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0013_key-certbot.pem
2019-05-28 07:52:57,006:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0013_csr-certbot.pem
2019-05-28 07:52:57,008:DEBUG:acme.client:Requesting fresh nonce
2019-05-28 07:52:57,008:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2019-05-28 07:52:57,234:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-nonce HTTP/1.1” 200 0
2019-05-28 07:52:57,235:DEBUG:acme.client:Received response:
HTTP 200
Content-Length: 0
Replay-Nonce: KbwNNXrdmW8Pv1DPNKkV0p7ymk4A-72kwihwodJQOqM
Connection: keep-alive
Expires: Tue, 28 May 2019 04:52:57 GMT
Date: Tue, 28 May 2019 04:52:57 GMT
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Server: nginx
Cache-Control: max-age=0, no-cache, no-store
Strict-Transport-Security: max-age=604800
X-Frame-Options: DENY
Pragma: no-cache