Certbot Manual - Network Timeouts Result in Weird Behaviour


#1

I will copy the log here. It is Kubuntu 16.04 with Letsencrypt right from the repos.

2017-05-09 19:55:51,261:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.12.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 896, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 692, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 87, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python2.7/dist-packages/certbot/renewal.py", line 296, in renew_cert
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 265, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 77, in get_authorizations
    self._respond(resp, best_effort)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 130, in _respond
    resp, chall_update)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 154, in _send_responses
    self.acme.answer_challenge(achall.challb, resp)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 245, in answer_challenge
    response = self.net.post(challb.uri, response)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 686, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 697, in _post_once
    response = self._send_request('POST', url, data=data, **kwargs)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 631, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 499, in send
    raise ReadTimeout(e, request=request)
ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

I will try it from 12.04 again.

Regards,
Jan


#2

Today I will try to generate another certificate with certbot.
There was no difference between Ubuntu 12.04 and Kubuntu 16.04, same error.

A very very strange thing happened, I got 4 empty .pem files - I do not understand how that can happen.
On 12.04 I generated/renewed a lot of certificates without problems.

I will notify the results of the next attempt.

Regards,
Jan


#3

Hi @janvl

Can you please let us know what command you are using and your domain as these are relevant to the troubleshooting.

It looks like a networking issue.

On the same machine can you run wget https://acme-v01.api.letsencrypt.org/directory

It should return a JSON file

I have seen certbot creating empty PEM files, which is not an issue. I believe that the files are created first and then populated with data from the web server. If the data is not coming back reliably (due to timeouts) then that would explain why you are getting empty PEM files.

To tidy up you can run the certbot certificate delete commands.

Andrei


#4

Thanks Andrei,

I did receive a json-file. I had forgotten that the cert itself is in directory “archive” so I copied just the empty link.

Even the first ones were there, shame on me.

I used "sudo certbot certonly --expand --manual -d shop.control-engineering.at"

Now I have to clear with the hoster how the certificate(s) will be handled.

I run a dedicated server for all newer websites and got spoiled by the one-click installation in Plesk.

Kind regards
Jan
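
The mix-up described in post #4 (copying the link instead of the file it points to in "archive") can be caught before a certificate is handed to a hoster. The following is an added example, not part of the thread and not certbot's own code: `check_lineage` and `export_lineage` are hypothetical helper names, and the script assumes certbot's standard layout, where `live/<domain>/` holds four symlinks into `archive/<domain>/`.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit a certbot lineage directory and
# export real files from it. Assumes the standard four file names in live/<domain>/.

check_lineage() {
    # Prints one status line per file; returns non-zero if any file is unusable.
    local dir="$1" name path status=0
    for name in cert.pem chain.pem fullchain.pem privkey.pem; do
        path="$dir/$name"
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then
            echo "MISSING  $name"; status=1
        elif [ -L "$path" ] && [ ! -e "$path" ]; then
            # Symlink exists but its target in archive/ does not.
            echo "DANGLING $name -> $(readlink "$path")"; status=1
        elif [ ! -s "$path" ]; then
            # Zero-byte target, e.g. left behind by an aborted run.
            echo "EMPTY    $name"; status=1
        elif ! grep -q -- '-----BEGIN ' "$path"; then
            echo "NOT_PEM  $name"; status=1
        else
            echo "OK       $name"
        fi
    done
    return $status
}

export_lineage() {
    # Copies the resolved files (cp -L follows symlinks) into a private directory.
    # Refuses to create anything if the lineage fails the check.
    local src="$1" dst="$2"
    check_lineage "$src" >/dev/null || return 1
    mkdir -p "$dst" && chmod 700 "$dst" || return 1
    cp -L "$src/cert.pem" "$src/chain.pem" "$src/fullchain.pem" \
          "$src/privkey.pem" "$dst/" || return 1
    chmod 600 "$dst/privkey.pem"
}

# Usage: ./lineage.sh /etc/letsencrypt/live/<domain> [export-dir]
if [ -d "${1:-}" ]; then
    if [ -n "${2:-}" ]; then export_lineage "$1" "$2"; else check_lineage "$1"; fi
fi
```

The exported directory contains the private key, so it is created with mode 700 and the key with mode 600; transfer it to the hoster only over an authenticated, encrypted channel.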


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.