Can't get certbot to work at all. Error: "An unexpected error occurred: requests.exceptions.ConnectionError: ('Connection aborted.', OSError(0, 'Error'))"

New to the forums but have been using certbot and LetsEncrypt for years. Apologies if my request for assistance isn't formatted correctly, don't know the ropes here yet.
For some reason one of the servers I'm running suddenly couldn't renew certs a few days ago (Went fine when I first set them up). In an act of desperation I reinstalled the OS (Server was a mess that had been repurposed a number of times). However the error persists.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: awamusoftwaresolutions.org

I ran this command: certbot --apache -d awamusoftwaresolutions.org -d www.awamusoftwaresolutions.org -d learning.awamusoftwaresolutions.org -v

It produced this output:

Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator apache and installer apache
Apache version is 2.4.38
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7fabf6772b50>
Prep: True
Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7fabf6772b50> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7fabf6772b50>
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): kantvelink@gmail.com
Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/connectionpool.py", line 382, in _make_request
self._validate_conn(conn)
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
conn.connect()
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/connection.py", line 411, in connect
self.sock = ssl_wrap_socket(
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 428, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 472, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/snap/certbot/1093/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/snap/certbot/1093/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/snap/certbot/1093/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
OSError: [Errno 0] Error

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/snap/certbot/1093/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/util/retry.py", line 532, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/packages/six.py", line 734, in reraise
raise value.with_traceback(tb)
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/connectionpool.py", line 382, in _make_request
self._validate_conn(conn)
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
conn.connect()
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/connection.py", line 411, in connect
self.sock = ssl_wrap_socket(
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 428, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(
File "/snap/certbot/1093/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 472, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/snap/certbot/1093/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/snap/certbot/1093/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/snap/certbot/1093/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
urllib3.exceptions.ProtocolError: ('Connection aborted.', OSError(0, 'Error'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/snap/certbot/1093/bin/certbot", line 8, in <module>
sys.exit(main())
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/main.py", line 1435, in main
return config.func(config, plugins)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/main.py", line 1158, in run
le_client = _init_le_client(config, authenticator, installer)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/main.py", line 654, in _init_le_client
acc, acme = _determine_account(config)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/main.py", line 571, in _determine_account
acc, acme = client.register(
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/client.py", line 172, in register
acme = acme_from_config_key(config, key)
File "/snap/certbot/1093/lib/python3.8/site-packages/certbot/_internal/client.py", line 42, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "/snap/certbot/1093/lib/python3.8/site-packages/acme/client.py", line 821, in __init__
directory = messages.Directory.from_json(net.get(server).json())
File "/snap/certbot/1093/lib/python3.8/site-packages/acme/client.py", line 1165, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/snap/certbot/1093/lib/python3.8/site-packages/acme/client.py", line 1114, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/snap/certbot/1093/lib/python3.8/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/snap/certbot/1093/lib/python3.8/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/snap/certbot/1093/lib/python3.8/site-packages/requests/adapters.py", line 498, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', OSError(0, 'Error'))
An unexpected error occurred:
requests.exceptions.ConnectionError: ('Connection aborted.', OSError(0, 'Error'))
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): Apache/2.4.38 (Debian)

The operating system my web server runs on is (include version): Debian GNU/Linux 10 (buster)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.14.0

Additional error that I think is the cause of my problem but have no idea how to resolve:
Running "openssl s_client -connect acme-v02.api.letsencrypt.org:443" produces this output;

CONNECTED(00000003)
write:errno=104

no peer certificate available

No client certificate CA names sent

SSL handshake has read 0 bytes and written 320 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

2 Likes

It looks like your server's IPv6 address had participated in a DDoS attack against Let's Encrypt. I've unblocked it, and you should now be able to request certificates again. By reinstalling the server, you've probably fixed whatever vulnerability the attacker used to leverage it for the DDoS.

2 Likes

Hi @kantvelink

Are you sure your DNS and your network are correct?

What do these say:

ping acme-v02.api.letsencrypt.org
traceroute acme-v02.api.letsencrypt.org

Ah... Thank you. This indeed clarifies things. And it now works as expected.

Apologies for the DDoS, the server was indeed compromised at some point. Will attempt some more hardening this time around (Embarrassed to say I overlooked quite a few things as the server was more or less abandoned for some time).

Thanks again.

4 Likes
