The operating system my web server runs on is (include version): Ubuntu 18.04
My hosting provider, if applicable, is: OVH
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
I am trying to obtain a LetsEncrypt certificate for my domain. However, I keep running into the error requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45). This happens despite the fact that I can ping, traceroute, telnet, and curl https://acme-v02.api.letsencrypt.org without a problem. In addition, I have tried four validation methods, webroot, standalone, nginx, and dns - none work and all result in the same error. I have checked my firewall (both at OVH and iptables on the machine) and LE is not blocked.
Did you check whether you can connect to this site using IPv6?
curl -IL6v https://acme-v02.api.letsencrypt.org
If you can connect using IPv4:
curl -IL4v https://acme-v02.api.letsencrypt.org
Then maybe there is an IPv6 routing problem, or your firewall (ip6tables) is not allowing IPv6 packets. If that is the case and you want a quick workaround, you could get the IPv4 address that resolves for you and add it to your /etc/hosts to force certbot to use IPv4 instead of IPv6.
IPv6 is disabled on the machine and thus doesn’t work:
* Rebuilt URL to: https://acme-v02.api.letsencrypt.org/
* Could not resolve host: acme-v02.api.letsencrypt.org
* Closing connection 0
curl: (6) Could not resolve host: acme-v02.api.letsencrypt.org
IPv4 does work correctly. The timeout still occurs when I add the IPv4 address to my hosts file.
So it looks like Let's Encrypt (1) has a general timeout or (2) doesn't understand your specific certificate request. But you don't have a blocking or corrupt CAA entry.
If Let's Encrypt checks the CAA entry and doesn't find one for gamecp.x2c0.net, then the next check is the CAA entry of x2c0.net. Perhaps there is a loop or something else.
Is it possible that you create a CAA entry for your subdomain? Then a CAA entry of x2c0.net would be ignored.
Did you mean CNAME? If you did mean CAA how can I create one on Cloudflare? I keep getting an error about the flags field being required even though there is none.
I don't know if Let's Encrypt follows CNAME entries when checking the CAA of the main domain. But I would try to create a CAA entry for your subdomain.
If your log has the same information (order and validation work, then there is a timeout after uploading a certificate signing request), it's a problem that Let's Encrypt doesn't understand your certificate signing request.
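The CAA lookup order discussed in this thread (the subdomain's own records first, then the parent's), as an added example that is not from any poster and is not Let's Encrypt's code: a sketch of the RFC 8659 search run over a constructed zone. The names, records and both helper functions are hypothetical; each record is written as (flags, tag, value), with flags 0 for an ordinary record, and only non-wildcard issuance is modelled.

```python
# Added example: CAA lookup order (RFC 8659) over a constructed zone.
# Records are (flags, tag, value); every name and record below is made up.
ZONE = {
    "example.net": [(0, "issue", "otherca.example")],
    "shop.example.net": [(0, "issue", "letsencrypt.org")],
    "mail.example.net": [(0, "iodef", "mailto:sec@example.net")],
    "lock.example.net": [(0, "issue", ";")],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_caa(fqdn, zone):
    """Climb from fqdn toward the root; return (owner, rrset) for the first
    name that has CAA records, or (None, []) if no ancestor has any."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        rrset = zone.get(owner, [])
        if rrset:
            return owner, rrset
    return None, []


def may_issue(fqdn, ca_domain, zone):
    """True if ca_domain may issue a non-wildcard certificate for fqdn."""
    _, rrset = relevant_caa(fqdn, zone)
    # Critical bit (128) on a tag the CA does not understand forbids issuance.
    if any(f & 128 and t.lower() not in KNOWN_TAGS for f, t, _ in rrset):
        return False
    # The issuer domain is the part of the value before any ";parameters".
    issuers = [v.split(";", 1)[0].strip().lower()
               for _, t, v in rrset if t.lower() == "issue"]
    if not issuers:  # no CAA anywhere, or only iodef: issuance unrestricted
        return True
    return ca_domain.lower() in issuers
```

A CAA record set on the subdomain replaces the parent's for that name, which is why `shop.example.net` is allowed here while `gamecp.example.net`, which has no records of its own, inherits the parent's restriction.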