Cannot get new certificate, readtimeout error

Your situation looks like one that I’ve seen occasionally from other users for a couple of years, where large POST requests (such as those containing a CSR) to the Akamai CDN in front of the Let’s Encrypt service just time out.

Unfortunately I don’t know of a permanent solution, but you can try to verify whether that’s the case by using a different IP address to access the API server.

This can be done by modifying /etc/hosts with e.g.:

104.99.248.78 acme-v02.api.letsencrypt.org

You can also try 104.107.50.145.

Keep in mind this isn’t a workable long-term workaround, since the IP addresses will change eventually.

If neither of those works, you can also try lowering your network interface MTU. That worked for one person who suffered from this problem.

ifconfig eth0 mtu 1300