Certbot - URLLIB Read Timeout

Hello folks,

First of all, thanks for the great work. I’m fairly new to this game, so no doubt I’ve botched something fairly simple. Below is the error I’m getting when I run certbot-auto renew:

Attempting to renew cert from /etc/letsencrypt/renewal/mysite.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45). Skipping.

As I understand it, the issue seems to be that I’m not getting a reply from the letsencrypt server, is that right? But it’s up and running according to the status page.

This is an nginx server on Raspbian.

What happens if you try to run:

curl https://acme-v01.api.letsencrypt.org/directory

curl -6 https://acme-v01.api.letsencrypt.org/directory

curl -4 https://acme-v01.api.letsencrypt.org/directory

In general, can you make HTTPS connections to that site, or others hosted by the Akamai CDN, or others not hosted by Akamai? Does the system have IPv6 connectivity? Does the system think it has IPv6 connectivity?

I get a normal return for the first and third commands. I’ve disabled IPv6 on the server. Could that be causing an issue? I wouldn’t think it would be necessary.

hi @Cato

I usually prefer testing is done via the requests python library (as well as CURL)

Just because CURL returns a valid response doesn’t mean there’s not something funky going on with the URLLIB library (what Certbot uses to make HTTPS calls)

Test code below:

Andrei

Looks good.

r.status_code
200

r.text
u’{\n “key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”,\n “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,\n “new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,\n “new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,\n “revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert”\n}’

hmmmmm

can you run with -vvv which should give some verbosity

It’s a weird error that has cropped up a few times before :frowning:

Andrei

Lol, verbosity was an understatement. I’ve filtered out all of the “import chardet langhungarian” etc output, below is the rest.

import chardet.escsm # precompiled from /usr/lib/python2.7/dist-packages/chardet/escsm.pyc
u’{\n “key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”,\n “new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,\n “new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,\n “new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,\n “revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert”\n}’

Thanks for taking a look!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.