Cannot install certbot due to unreachable network

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
steamer.spdns.org

I ran this command:

snap install --classic certbot

It produced this output:
error: cannot install "certbot": persistent network error: Post
"https://api.snapcraft.io/v2/snaps/refresh": dial tcp 185.125.188.55:443: connect: network
is unreachable

My web server is (include version):
Apache 2.4.58-1.1-x86_64

The operating system my web server runs on is (include version):
OpenSUSE Tumbleweed (up-to-date)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no. I use ssh

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

  • (not installed)

Does your server have outgoing access to other sites?

Some people find using the pip instructions to be easier than having snap running, but regardless you'd need some level of outgoing access to get certbot installed and to be able to have it contact the Let's Encrypt API.

4 Likes

You should have perfectly fine network access to 185.125.188.55, so either your server has bad routing or your ISP/hosting provider has.

Unfortunately, if I traceroute 185.125.188.55 myself, I'm not able to trace further than my own ISP, so it seems a firewall in between is blocking the traceroute. (Note that I can access the API perfectly fine, it's purely the traceroute.) So comparing traceroutes doesn't say much. That said, it might give a slight hint if you'd traceroute 185.125.188.55 and post the output here.

2 Likes

Thanks for responding! Here is my output:
zbox:/usr/local/bin # traceroute 185.125.188.55
traceroute to 185.125.188.55 (185.125.188.55), 30 hops max, 60 byte packets
connect: Network is unreachable

1 Like

My server is able to access internet sites.

Well, it looks like your server can't access that part of the Internet. I guess check your routing tables and firewall rules, maybe something is pointing in the wrong direction and preventing your system from reaching 185.125.188.55.

3 Likes

You may be pointing in the right direction.
On my laptop, I can access https://api.snapcraft.io/
I get this response:
snapcraft.io store API service - Copyright 2018-2022 Canonical.

On my server, I get this response:
Unable to connect
An error occurred during a connection to api.snapcraft.io.

My server and my laptop are in the same subnet. Strange!
I wasn't aware of any outgoing access limitations.
I set up the server a couple of days ago.

And so, a workaround may be to install certbot in a way that doesn't involve snap. But it may be good to have a better understanding of your server's routing and firewalls before proceeding much further, yes.

4 Likes

Yes. Something is strange here.
I haven't set up any access limitations myself.
I cannot ping the url:
ping api.snapcraft.io
ping: connect: Network is unreachable

Pinging www.google.com works fine.

But on another server in my network I get this result:
ping api.snapcraft.io
PING api.snapcraft.io (185.125.188.55) 56(84) bytes of data.
64 bytes from api.snapcraft.io (185.125.188.55): icmp_seq=1 ttl=50 time=24.6 ms

I'm a bit lost at this moment ;-)

1 Like

You could try using a proxy.

2 Likes

Please post the output of:

ip route list

Probably also a good idea to compare the output with the one from the working server.

2 Likes

ip route list

192.168.1.0/24 dev enp86s0 proto kernel scope link src 192.168.1.100

Problem server:
wget https://api.snapcraft.io
--2024-01-22 18:56:38-- https://api.snapcraft.io/
Resolving api.snapcraft.io (api.snapcraft.io)... 185.125.188.55, 185.125.188.59, 185.125.188.58, ...
Connecting to api.snapcraft.io (api.snapcraft.io)|185.125.188.55|:443... failed: Network is unreachable.

Working server:
wget https://api.snapcraft.io
--2024-01-22 18:57:05-- https://api.snapcraft.io/
Resolving api.snapcraft.io (api.snapcraft.io)... 185.125.188.54, 185.125.188.58, 185.125.188.59, ...
Connecting to api.snapcraft.io (api.snapcraft.io)|185.125.188.54|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 64 [text/html]
Saving to: ‘index.html’

#ip route list
default via 192.168.1.1 dev eth0 proto dhcp
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.19

192.168.1.1 is my gateway.

Your non-functional server is missing its default route. It's kinda strange Google works. It should not work without a route. The only thing working would be access to the local IP range?

2 Likes
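Added example (not written by any poster in this thread): a POSIX shell version of the longest-prefix route lookup behind the diagnosis above, run against the two `ip route list` outputs posted in the thread. The names `ip_to_int` and `route_for` are made up for this illustration and it handles IPv4 only; on a live host, `ip route get <address>` asks the kernel the same question.

```sh
#!/bin/sh
# Added illustration: longest-prefix match over `ip route list` text (IPv4 only).
# Function and variable names are hypothetical; the tables are the two posted in the thread.

PROBLEM_ROUTES='192.168.1.0/24 dev enp86s0 proto kernel scope link src 192.168.1.100'
WORKING_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.19'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# route_for DEST ROUTES: print the most specific route covering DEST.
# Returns 1 when nothing matches, the case in which connect() fails with
# "Network is unreachable".
route_for() {
    dest=$(ip_to_int "$1"); routes=$2
    best_len=-1; best_line=
    while read -r prefix rest; do
        case $prefix in
            default) net=0.0.0.0; len=0 ;;
            */*)     net=${prefix%/*}; len=${prefix#*/} ;;
            *.*.*.*) net=$prefix; len=32 ;;
            *)       continue ;;   # skip blank or non-prefix lines
        esac
        mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
        if [ $(( dest & mask )) -eq $(( $(ip_to_int "$net") & mask )) ] &&
           [ "$len" -gt "$best_len" ]; then
            best_len=$len; best_line="$prefix $rest"
        fi
    done <<EOF
$routes
EOF
    [ "$best_len" -ge 0 ] && printf '%s\n' "$best_line"
}

# Compare a LAN address and the snap store address on both tables.
for dst in 192.168.1.1 185.125.188.55; do
    for name in PROBLEM WORKING; do
        eval "table=\$${name}_ROUTES"
        route=$(route_for "$dst" "$table") || route="none (Network is unreachable)"
        printf '%-8s %-15s -> %s\n' "$name" "$dst" "$route"
    done
done
```
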

Could it be that my gateway is not set up properly?

The malfunctioning server doesn't have the gateway correctly configured. It's probably not the gateway itself.

2 Likes

You're right.

I made a quick fix with
ip route add default via 192.168.1.1

wget https://api.snapcraft.io
--2024-01-22 19:14:19-- https://api.snapcraft.io/
Resolving api.snapcraft.io (api.snapcraft.io)... 185.125.188.55, 185.125.188.58, 185.125.188.59, ...
Connecting to api.snapcraft.io (api.snapcraft.io)|185.125.188.55|:443... connected.
HTTP request sent, awaiting response... 200 OK

Now I have to find out how to set the gateway permanently...
Thanks for your help!

1 Like

That depends on how the server was configured. DHCP? Static IP?

That said, networking is not really the scope of this Community :slight_smile:

2 Likes

No, you're right.

snap install --classic certbot
worked properly, so this issue is resolved.

I have to look into the network configuration on my own ;-)

This problem had nothing to do with certbot.
Sorry for the time wasted!

1 Like

Not at all. In the end, you've fixed your networking issue within an hour, so you're able to get further with getting a certificate :slight_smile: So to me, it doesn't sound wasted :wink:

1 Like

Well, honestly, most of the things this community helps with are basically networking. We get a lot more challenges with incoming connections than outgoing connections, though. :wink:

Glad you got it figured out! Not a waste at all, it's helping get the web encrypted one site at a time.

3 Likes