Certbot error with certbot --apache command

I encounter a problem when I run the command: certbot --apache. I get this error:

root@Serveur-1-Machine-Web-1:/home/tagogue# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): tagogueoff@gmail.com
An unexpected error occurred:
ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I don't have a firewall on my machine, and I opened the ports on my router. Before, it worked, and recently it no longer works.

Can you perhaps run the command:

curl -LIv https://acme-v02.api.letsencrypt.org/directory

and show the entire output?

1 Like

root@Serveur-1-Machine-Web-1:/home/tagogue# curl -LIv https://acme-v02.api.letsencrypt.org/directory

*   Trying 172.65.32.248:443...
*   Trying [2606:4700:60:0:f53d:5624:85c7:3a2c]:443...
* Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Le réseau n'est pas accessible
* connect to 172.65.32.248 port 443 failed: Aucun chemin d'accès pour atteindre l'hôte cible
* Failed to connect to acme-v02.api.letsencrypt.org port 443 after 3095 ms: Couldn't connect to server
* Closing connection 0
curl: (7) Failed to connect to acme-v02.api.letsencrypt.org port 443 after 3095 ms: Couldn't connect to server
root@Serveur-1-Machine-Web-1:/home/tagogue#

Does it work for you?

Yes and probably for thousands too as we speak. The IP addresses are also the same for me.

It seems your IPv4 and IPv6 are giving different errors.

Can you try the following commands?

traceroute -4 acme-v02.api.letsencrypt.org
traceroute -6 acme-v02.api.letsencrypt.org
traceroute -4 -T -p 443 acme-v02.api.letsencrypt.org
traceroute -6 -T -p 443 acme-v02.api.letsencrypt.org
1 Like

root@Serveur-1-Machine-Web-1:/home/tagogue# traceroute -4 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 172-1-2-1.lightspeed.hstntx.sbcglobal.net (172.1.2.1) 3074.965 ms !H 3074.900 ms !H 3074.865 ms !H
root@Serveur-1-Machine-Web-1:/home/tagogue# traceroute -6 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (2606:4700:60:0:f53d:5624:85c7:3a2c), 30 hops max, 80 byte packets
connect: Le réseau n'est pas accessible
root@Serveur-1-Machine-Web-1:/home/tagogue# traceroute -4 -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 172-1-2-1.lightspeed.hstntx.sbcglobal.net (172.1.2.1) 3063.504 ms !H 3063.423 ms !H 3063.399 ms !H
root@Serveur-1-Machine-Web-1:/home/tagogue# traceroute -6 -T -p 443 acme-v02.api.letsencrypt.org

connect: Le réseau n'est pas accessible
root@Serveur-1-Machine-Web-1:/home/tagogue#

I do not have access to this url even via my browser on my PC: https://acme-v02.api.letsencrypt.org/directory

I wonder if it's my router that's causing the problem.

Is your IP address 172.1.2.1, i.e. is that your own router? Or is that the router of your ISP?

Also it's quite strange that 172.1.2.1 replies only after 3 (!!!) seconds (!!!) with the !H error (="host unreachable").

(Also, you probably don't have any IPv6 configured, correct?)

1 Like

With an IP address like this:

I think it is likely to blame for the IPv4 routing problem.
[unless your ISP is AT&T]
See: ARIN Whois/RDAP - American Registry for Internet Numbers

2 Likes
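
The checks the replies above apply by eye to the traceroute output (hop 1 answers from 172.1.2.1, which is not inside the private 172.16.0.0/12 block, and it returns !H only after about 3 seconds) can be run mechanically. This is an added example, not part of the thread: the finding tags, the `SLOW_MS` threshold and the parser are assumptions, and only hop lines with a single responder are handled.

```python
import ipaddress
import re

# RFC 1918 private IPv4 ranges; a home LAN is normally numbered from one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SLOW_MS = 1000.0  # assumed threshold for a "slow" hop-1 reply, not from the thread

# Sample input: the IPv4 traceroute output as posted in the thread.
SAMPLE = (
    "traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets\n"
    " 1 172-1-2-1.lightspeed.hstntx.sbcglobal.net (172.1.2.1) "
    "3074.965 ms !H 3074.900 ms !H 3074.865 ms !H\n"
)

HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\(([0-9A-Fa-f:.]+)\)\s+(.*)$")
PROBE_RE = re.compile(r"([\d.]+) ms(?: (!\S+))?")

def parse_hops(text):
    """Parse 'N name (addr) rtt ms [!flag] ...' lines; other lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        probes = PROBE_RE.findall(m.group(3))
        hops.append({
            "ttl": int(m.group(1)),
            "addr": ipaddress.ip_address(m.group(2)),
            "rtt_ms": [float(rtt) for rtt, _ in probes],
            "flags": [flag for _, flag in probes if flag],
        })
    return hops

def diagnose(text):
    """Return a list of finding tags for the hop-1 line of a traceroute run."""
    hops = parse_hops(text)
    if not hops:
        return ["no-hops"]  # nothing answered, e.g. traceroute exited at connect()
    first, findings = hops[0], []
    if first["addr"].version == 4 and not any(first["addr"] in n for n in RFC1918):
        findings.append("hop1-not-rfc1918")
    if "!H" in first["flags"]:
        findings.append("hop1-host-unreachable")
    if first["rtt_ms"] and min(first["rtt_ms"]) > SLOW_MS:
        findings.append("hop1-slow")
    return findings
```

A `hop1-not-rfc1918` finding is a prompt to compare the address with the LAN configuration, since hop 1 can legitimately be a public address when the ISP hands one out directly.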