Cannot renew my certificates

vbsupport · January 8, 2024, 12:35pm

My domain is: all my domains: vbsupport.ru, vb3.vbsupport.ru, vb5.vbsupport.ru

I ran this command: certbot renew

It produced this output: Attempting to renew cert (vbsupport.ru) from /etc/letsencrypt/renewal/vbsupport.ru.conf produced an unexpected error: Requesting acme-v02.api.letsencrypt.org/directory: Connection timed out. Skipping.

My web server is (include version): NGINX 1.10.3

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.28.0

I also run the command
curl -v https://acme-v02.api.letsencrypt.org/directory
The output is

Trying 172.65.32.248...
TCP_NODELAY set
Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
TCP_NODELAY set
connect to 172.65.32.248 port 443 failed: Connection timed out
connect to 2606:4700:60:0:f53d:5624:85c7:3a2c port 443 failed: Connection timed out
Failed to connect to acme-v02.api.letsencrypt.org port 443: Connection timed out
Closing connection 0
curl: (7) Failed to connect to acme-v02.api.letsencrypt.org port 443: Connection timed out

Other sites are loaded with Curl properly.

9peppe · January 8, 2024, 12:56pm

Please upgrade or switch to another acme client

petercooperjr · January 8, 2024, 1:20pm

Well, if you can't get to Let's Encrypt's servers, then you're not going to be able to request a certificate from it. When you say "other sites", is that on both IPv4 & IPv6? Some networks get confused that the IPv4 server address starts with 172.65, even though that is (and always has been) a "normal" public IP even though it is "close" to the 172.16.0.0/12 private IP space, so you may want to check your routing and firewall rules.

rg305 · January 8, 2024, 4:59pm

That's the least of their problems...

EOL: Jan 2020 [3 years ago]

EOL: April 2017 [6 years and 9 months ago]

Osiris · January 8, 2024, 5:18pm

I understand why that server isn't connected to the internet! The possible exploits

vbsupport · January 13, 2024, 11:16am

Hi, you were right: my APF firewall blocked letsencrypt.org IPs. Now everything works after I reconfigured my FW.

system · February 12, 2024, 11:17am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Renew request getting timed out Help	10	3562	August 9, 2018
HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45) Help	2	890	September 21, 2022
Renew Certs Error Help	20	4157	February 2, 2018
Timeout when renewing cert Help	7	1954	August 31, 2017
HTTPSConnectionPool error when trying to renew cert Help	11	5881	May 19, 2017

Cannot renew my certificates

Related topics