Can't renew certificate, problem with connecting to acme-staging


Hello all,

I have used Let's Encrypt for a long time, but suddenly my certificate expired. However, I did configure auto renewal, and I am 99% sure that it worked before.
Now I wanted to renew my certificate, but when I try I can't get past this stage:
Cert is due for renewal, auto-renewing…
Starting new HTTPS connection (1):

There seems to be a problem setting up a connection, what can be the problem?

Thank you for your help


How are you trying to renew your certificate? Using what client? is the staging (or sandbox) environment, intended for developers to test their code, it’s not for production. To renew a real certificate, your client should’ve used I’m guessing it means that your client is still developing the renewal option, and you cannot use it now. You might want to use another client.

If you are trying to develop a client and trying to build a renewal function, then I can’t help you :confounded:


I am using Certbot. I am running CentOS 7.
I tried certbot renew --dry-run
As well as certbot --apache

Nothing seems to work. I hope you can help :slight_smile:

edit: the --dry-run command is for testing only, that explains why it used that url, my bad. However, when trying the --apache command, nothing actually happens when I press enter. It seems to stay there forever doing nothing.

edit2: Running the command certbot renew shows me that it now tries to connect to
But nothing happens from there… it seems like it cannot establish a connection somehow…


Can you use the --verbose option, and then paste the log in or somewhere it can be read?


Here is the output by using certbot renew --verbose

I deleted domain names for security reasons.
As you can see the whole process stops at Starting new HTTPS connection (1):

Thank you for your help


Does it time out? Or what happens after the

Starting new HTTPS connection (1): line?

As a note - all domain names are publicly listed as soon as certificates are obtained, so there is no “security” benefit of removing the domain name.


It doesn't time out, it seems. I have let it run overnight and it's still in the same spot.
Starting new HTTPS connection (1): is the last line…


Can you ping What’s the output for traceroute


Here is the output for ping and traceroute, looks normal to me?


Yep, that looks fine. From your previous run with --verbose (or a new one, if those logs are gone), can you check if the logs in /var/log/letsencrypt contain anything else other than the “Starting new HTTPS connection …” message?

Does curl -v succeed?


curl seems to succeed:
[root@srvwb-mid-001 ~]# curl -v

The log files don't go any further than the Starting new HTTPS connection message, hmm this does not get easier!

EDIT: I got a little further, it seemed that the Cisco firewall was blocking the connection… I am going to open the firewall and try to renew the cert after. I will post the outcome…


My certificate is successfully renewed. In the end it was just a Cisco firewall problem on my side, thank you all for your help! :slight_smile:
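
Added example, not part of the thread: a staged probe with explicit timeouts that reports whether an outbound HTTPS connection stalls at DNS, TCP connect, or the TLS handshake, which is the kind of hang seen above after "Starting new HTTPS connection". The names `probe` and `silent_listener` are hypothetical, and the loopback listener is a constructed stand-in for a filtered path; the thread does not say how the firewall actually blocked the traffic.

```python
import socket
import ssl


def probe(host, port=443, timeout=5.0, context=None):
    """Return (stage, detail) for the first stage that fails, or ("ok", TLS version)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)  # without a timeout, silently dropped packets block forever
    try:
        sock.connect(addr)
    except OSError as exc:  # refused, unreachable, or timed out
        sock.close()
        return ("tcp_connect", f"{type(exc).__name__}: {exc}")
    ctx = context or ssl.create_default_context()
    try:
        # The handshake runs inside wrap_socket and inherits the socket timeout.
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except OSError as exc:  # ssl.SSLError and socket.timeout are both OSError
        sock.close()
        return ("tls_handshake", f"{type(exc).__name__}: {exc}")
    version = tls.version()
    tls.close()
    return ("ok", version)


def silent_listener():
    """Constructed stand-in for a filtered path: completes TCP, never answers TLS."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)  # never accept(): the kernel completes TCP, nothing replies
    return srv


if __name__ == "__main__":
    srv = silent_listener()
    port = srv.getsockname()[1]
    # To test a real path, call probe() with your ACME server's hostname and port 443.
    print(probe("127.0.0.1", port, timeout=2.0))
    srv.close()
```

A result of `tcp_connect` or `tls_handshake` while ping and traceroute look normal points at filtering on the path for port 443 rather than at routing or DNS.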

