Cannot install certbot due to unreachable network

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

snap install --classic certbot

It produced this output:
error: cannot install "certbot": persistent network error: Post
"": dial tcp connect: network
is unreachable

My web server is (include version):
Apache 2.4.58-1.1-x86_64

The operating system my web server runs on is (include version):
OpenSUSE Tumbleweed (up-to-date)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no. I use ssh

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

  • (not installed)

Does your server have outgoing access to other sites?

Some people find using the pip instructions to be easier than having snap running, but regardless you'd need some level of outgoing access to get certbot installed and to be able to have it contact the Let's Encrypt API.


You should have perfectly fine network access to, so either your server has bad routing or your ISP/hosting provider has.

Unfortunately if I traceroute myself, I'm not able to trace further than my own ISP, so it seems a firewall in between is blocking the traceroute. (Note that I can access the API perfectly fine, it's purely the traceroute.) So comparing traceroutes doesn't say much.. That said, it might give a slight hint if you'd traceroute and post the output here.


Thanks for responding! Here my output:
zbox:/usr/local/bin # traceroute
traceroute to (, 30 hops max, 60 byte packets
connect: Network is unreachable

1 Like

My server is able to access internet sites.

Well, it looks like your server can't access that part of the Internet. I guess check your routing tables and firewall rules, maybe something is pointing in the wrong direction and preventing your system from reaching


You may be pointing in the right direction.
On my laptop, I can access
I get this response: store API service - Copyright 2018-2022 Canonical.

On my server, I get this response:
Unable to connect
An error occurred during a connection to

My server and my laptop are in the same subnet. Strange!
I wasn't aware of any outgoing access limitations.
I set up the server a couple of days ago.

And so, a workaround may be to install certbot in a way that doesn't involve snap. But it may be good to have a better understanding of your server's routing and firewalls before proceeding much further, yes.


Yes. Something is strange here.
I haven't set up any access limitations myself.
I cannot ping the url:
ping: connect: Network is unreachable

Pinging works fine.

But on another server in my network I get this result:
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=50 time=24.6 ms

I'm a bit lost in this moment;-)

1 Like

You could try using a proxy.


Please post the output of:

ip route list

Probably also a good idea to compare the output with the one from the working server.


ip route list dev enp86s0 proto kernel scope link src

Problem server:
--2024-01-22 18:56:38--
Resolving (,,, ...
Connecting to (||:443... failed: Network is unreachable.

Working server:
--2024-01-22 18:57:05--
Resolving (,,, ...
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 64 [text/html]
Saving to: ‘index.html’

#ip route list
default via dev eth0 proto dhcp dev eth0 proto kernel scope link src is my gateway.

Your non-functional server is missing its default route. It's kinda strange Google works. It should not work without a route. The only thing working would be access to the local IP range?


Could it be, that my gateway is not set up properly?

The malfunctioning server doesn't have the gateway correctly configured. It's probably not the gateway itself.


You're right.

I made a quick fix with
ip route add default via

--2024-01-22 19:14:19--
Resolving (,,, ...
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 200 OK

Now I have to find out how to set the gateway permanently...
Thanks for you help!

1 Like

That depends on how the server was configured. DHCP? Static IP?

That said, networking is not really the scope of this Community :slight_smile:


No you're right.

snap install --classic certbot
worked properly, so this issue is resolved.

I have to look in to the network configuration on my own;-)

This problem had nothing to do with certbot.
Sorry for the time wasted!

1 Like

Not at all. In the end, you've fixed your networking issue within an hour, so you're able to get further with getting a certificate :slight_smile: So to me, it doesn't sound wasted :wink:

1 Like

Well, honestly most of the things this community helps are are basically networking. We get a lot more challenges with incoming connections than outgoing connections, though. :wink:

Glad you got it figured out! Not a waste at all, it's helping get the web encrypted one site at a time.