Certbot: creation of certificates suddenly fails

I am new to letsencrypt, so please excuse me if I am asking a question that has already been answered multiple times on the forum, but I did not find anything helpful.

I have a Qnap NAS and am running its implemented webserver. Because I would like to install DAViCal on a virtual machine on the NAS, I need Pound to forward the requests on similar ports depending on the subdomain.
Hence, I installed Pound and Certbot in an lxc-container according to this page: https://antrecu.com/blog/configure-lets-encrypt-service-pound-server

So far so good. Certbot worked fine in the beginning: I was able to create a certificate for my domain reichmuthph.ch and one subdomain, cal.reichmuthph.ch. But when I tried to do it for another subdomain, nothing worked any more, neither for any subdomain nor for the domain itself. The output I got can be found below.


  • Is the number of subdomains to create certificates for limited in letsencrypt?
  • Is it possible to generate multiple certificates for one and the same domain on the same machine (it is not very reasonable, but a good indication to isolate the error)?
  • And most important: how can I fix this?


Please fill out the fields below so we can help you better.

My domain is: reichmuthph.ch

I ran this command: /opt/certbot/letsencrypt-auto --text --email admin@reichmuthph.ch -d photo.reichmuthph.ch --agree-tos --standalone certonly

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.

2017-07-17 21:29:23,293:DEBUG:certbot.main:certbot version: 0.16.0
2017-07-17 21:29:23,295:DEBUG:certbot.main:Arguments: ['--text', '--email', 'admin@reichmuthph.ch', '-d', 'photo.reichmuthph.ch', '--agree-tos', '--standalone']
2017-07-17 21:29:23,295:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-07-17 21:29:23,497:DEBUG:certbot.log:Root logging level set at 20
2017-07-17 21:29:23,498:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-07-17 21:29:23,575:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2017-07-17 21:29:24,292:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7f5b85e01910>
Prep: True
2017-07-17 21:29:24,294:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7f5b85e01910> and installer None
2017-07-17 21:29:24,378:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, contact=(u'mailto:admin@reichmuthph.ch',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f5b846dd690>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/18877528', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), 17b0d9bda8726f28e8ba4807d444b643, Meta(creation_host=u'Pound-Proxy.fritz.box', creation_dt=datetime.datetime(2017, 7, 17, 20, 2, 20, tzinfo=)))>
2017-07-17 21:29:24,381:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-07-17 21:29:24,391:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-07-17 21:30:09,616:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 743, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 667, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 390, in _init_le_client
    return client.Client(config, acc, authenticator, installer, acme=acme)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 234, in init
    acme = acme_from_config_key(config, self.account.key)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 45, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 71, in init
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 654, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 627, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/requests/adapters.py", line 499, in send
    raise ReadTimeout(e, request=request)
ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

My web server is (include version): none up to now for these certificates, want to use them on Pound.

The operating system my web server runs on is (include version): Debian 8 Jessie, lxc-container on Qnap NAS

My hosting provider, if applicable, is: none

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ???

Kind of. It isn't directly limited, but the rate at which you can create certificates per domain is.


Your client can't connect to the Let's Encrypt API server. That's not directly related to exactly what you're doing (or trying to do).

There's an ongoing service disruption. Your issue is probably related to that.


If you're still having trouble once the status page is green again and everything is supposed to be working, you can investigate if there's some sort of networking issue with your client or the API CDN, but for now you might as well just sit tight.


The service outage is now over. Please try again.


I am also suddenly getting some kind of errors when attempting to issue any certificates.
acme-tiny.py bails out with a 500 error

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying XXXXXXXXXXX...
Signing certificate...
Traceback (most recent call last):
  File "acme_tiny.py", line 198, in <module>
  File "acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "acme_tiny.py", line 161, in get_crt
    raise ValueError("Error signing certificate: {0} {1}".format(code, result))
ValueError: Error signing certificate: 500 {
  "type": "urn:acme:error:serverInternal",
  "detail": "Error creating new cert",
  "status": 500

It works again like a charm.

Thanks for your support.
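
A triage sketch for the two failures shown in this thread (the `ReadTimeout` from Certbot and the `serverInternal` 500 from acme-tiny), as an added example that is not part of any post and not code from Certbot or acme-tiny. It separates "CA or network side, wait and retry" from "rate limited" and "request rejected"; the category names, advice strings and the `rateLimited` sample are assumptions of this example.

```python
import re

# Exceptions the requests library raises when no HTTP response arrives at all.
NETWORK_ERRORS = re.compile(r"\b(ReadTimeout|ConnectTimeout|ConnectionError|SSLError)\b")
# "type" and "status" members of an ACME problem document in the client output.
ACME_TYPE = re.compile(r'"type"\s*:\s*"urn:acme:error:(\w+)"')
ACME_STATUS = re.compile(r'"status"\s*:\s*(\d{3})')

# Category names and advice are this example's own (assumptions).
ADVICE = {
    "api_unreachable": "check the CA status page, then local DNS/firewall/proxy; retry later",
    "ca_server_error": "CA-side fault; check the status page and retry later with backoff",
    "rate_limited": "stop retrying; wait for the rate-limit window to pass",
    "request_rejected": "fix the request (domain, challenge, CSR) before retrying",
    "unknown": "read the full debug log",
}


def classify_acme_failure(output):
    """Return a triage category for captured ACME client output."""
    acme = ACME_TYPE.search(output)
    if acme:
        kind = acme.group(1)
        if kind == "rateLimited":
            return "rate_limited"
        if kind == "serverInternal":
            return "ca_server_error"
        return "request_rejected"
    status = ACME_STATUS.search(output)
    if status and status.group(1).startswith("5"):
        return "ca_server_error"
    if NETWORK_ERRORS.search(output):
        return "api_unreachable"
    return "unknown"


# First two samples are taken from the output quoted in this thread.
TIMEOUT_SAMPLE = ("ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', "
                  "port=443): Read timed out. (read timeout=45)")
SERVER_SAMPLE = ('ValueError: Error signing certificate: 500 {\n'
                 '  "type": "urn:acme:error:serverInternal",\n'
                 '  "detail": "Error creating new cert",\n  "status": 500\n')
# Constructed sample, not from the thread.
RATE_SAMPLE = '{"type": "urn:acme:error:rateLimited", "detail": "constructed", "status": 429}'

if __name__ == "__main__":
    for sample in (TIMEOUT_SAMPLE, SERVER_SAMPLE, RATE_SAMPLE):
        category = classify_acme_failure(sample)
        print(category, "->", ADVICE[category])
```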

