Certbot - Network unreachable when issuing certificate

I ran this command:
sudo ./letsencrypt-auto certonly --standalone --standalone-supported-challenges http-01

It produced this output:
WARNING: unable to check for updates.
Creating virtual environment…
Installing Python packages…
Traceback (most recent call last):
File “/tmp/tmp.hOFQLk2UJ0/pipstrap.py”, line 146, in
File “/tmp/tmp.hOFQLk2UJ0/pipstrap.py”, line 130, in main
for url, digest in PACKAGES]
File “/tmp/tmp.hOFQLk2UJ0/pipstrap.py”, line 112, in hashed_download
response = opener().open(url)
File “/usr/lib/python2.7/urllib2.py”, line 404, in open
response = self._open(req, data)
File “/usr/lib/python2.7/urllib2.py”, line 422, in _open
’_open’, req)
File “/usr/lib/python2.7/urllib2.py”, line 382, in _call_chain
result = func(*args)
File “/usr/lib/python2.7/urllib2.py”, line 1222, in https_open
return self.do_open(httplib.HTTPSConnection, req)
File “/usr/lib/python2.7/urllib2.py”, line 1184, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [Errno 101] Network is unreachable>

My operating system is (include version):
Ubuntu 14.04.2 LTS (GNU/Linux 3.16.0-40-generic x86_64)

My web server is (include version):
Java Grizzly Server (listening NOT on port 80 or 443)

I can login to a root shell on my machine (yes or no, or I don’t know):
I use login as sudo user.


I wanted to issue a certificate with letsencrypt-auto. The server machine is behind a router. At the router port 80 is forwarded by Full-NAT (Network address translation) to port 80 of the server machine and in the firewall port 80 is opened. As I use a Java server which does not present any websites/files but offers a web service (clients like a desktop application, mobile app or another webserver call functions on the server) I cannot use a method like webroot and I use standalone.

I installed certbot on the server machine by:
apt-get install git
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

And everytime I run the command which I wrote at the beginning of this thread I get the error that the network is unreachable, no matter if I added my domain with -d option or not. Is there anything wrong what I did? Does certbot with standalone method need other ports than 80 as well? As far as I know I can choose if I want to use port 80 or 443 and 443 is not possible for me.
Does anybody know what’s wrong?

I was wondering if you can configure certbot that it uses a proxy server to connect? When I cloned letsencrpyt directory with git, I used a proxy to connect, but I did not find a possibility to set up a proxy server for certbot.

Finally I found the solution on my own today:
Like I thought you have to set the proxy server. You can do it by changing the content of certbot-auto or letsencrypt-auto. Just put at the beginning (I did after the content of USAGE):
export http_proxy="http://username:password@proxyIP:proxyPort"
export https_proxy=“http://username:password@proxyIP:proxyPort”

username and password are the credentials you are logged in on Ubuntu. Save the file and run certbot-auto or letsencrypt-auto again. It worked :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.