Cetificat wen ubuntu 18-04 lts server speedtest

#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:speedtest.skyvisiongn.com

I ran this command: sudo certbot --apache

It produced this output: root@speedserver:~# sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): isbban@gmail.com
An unexpected error occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connection.py”, line 141, in _new _conn
(self.host, self.port), self.timeout, **extra_kw)
File “/usr/lib/python3/dist-packages/urllib3/util/connection.py”, line 60, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File “/usr/lib/python3.6/socket.py”, line 745, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 601, in urlopen
chunked=chunked)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 346, in _make_request
self._validate_conn(conn)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 852, in _validate_conn
conn.connect()
File “/usr/lib/python3/dist-packages/urllib3/connection.py”, line 284, in conn ect
conn = self._new_conn()
File “/usr/lib/python3/dist-packages/urllib3/connection.py”, line 150, in _new _conn
self, “Failed to establish a new connection: %s” % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnecti on object at 0x7ff18819e828>: Failed to establish a new connection: [Errno -2] N ame or service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 440, in send
timeout=timeout
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File “/usr/lib/python3/dist-packages/urllib3/util/retry.py”, line 388, in incr ement
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host=‘acme-v02.api.letsenc rypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewCo nnectionError(’<urllib3.connection.VerifiedHTTPSConnection object at 0x7ff18819e 828>: Failed to establish a new connection: [Errno -2] Name or service not known ',))

During handling of the above exception, another exception occurred:

requests.exceptions.ConnectionError: HTTPSConnectionPool(host=‘acme-v02.api.lets encrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by Ne wConnectionError(’<urllib3.connection.VerifiedHTTPSConnection object at 0x7ff188 19e828>: Failed to establish a new connection: [Errno -2] Name or service not kn own’,))
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): apache

The operating system my web server runs on is (include version): ubuntu 18

My hosting provider, if applicable, is: hostinger

I can login to a root shell on my machine (yes or no, or I don’t know): oui

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): non

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

NB:I do not see the dns plugin to host him hostinger

#2

It looks like your server does not have the ability to resolve DNS.

What does this show?

host acme-v02.api.letsencrypt.org
dig acme-v02.api.letsencrypt.org
1 Like
#3

why and how??
why and how
i have installed an esxi there’s three server running on the same machine it works and why not

#4

@lebasto7, @_az would like you to run those two commands on your server and show the output here.

The error message that you saw from Certbot suggests that your server can’t perform DNS lookups. This isn’t necessarily inconsistent with having some kinds of services working properly on your server, because not everything needs to perform DNS lookups in order to function. (However, if your server’s ability to do DNS lookups is broken, other things might not work—like applying software updates!)

#5

why commands???
me when I listen this here is the error he sends

root@speedserver:~# sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): bangoura@skyvision-ms.net
An unexpected error occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connection.py”, line 141, in _new_conn
(self.host, self.port), self.timeout, **extra_kw)
File “/usr/lib/python3/dist-packages/urllib3/util/connection.py”, line 60, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File “/usr/lib/python3.6/socket.py”, line 745, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 601, in urlopen
chunked=chunked)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 346, in _make_request
self._validate_conn(conn)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 852, in _validate_conn
conn.connect()
File “/usr/lib/python3/dist-packages/urllib3/connection.py”, line 284, in connect
conn = self._new_conn()
File “/usr/lib/python3/dist-packages/urllib3/connection.py”, line 150, in _new_conn
self, “Failed to establish a new connection: %s” % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7fd428385828>: Failed to establish a new connection: [Errno -2] Name or service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 440, in send
timeout=timeout
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File “/usr/lib/python3/dist-packages/urllib3/util/retry.py”, line 388, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<urllib3.connection.VerifiedHTTPSConnection object at 0x7fd428385828>: Failed to establish a new connection: [Errno -2] Name or service not known’,))

During handling of the above exception, another exception occurred:

requests.exceptions.ConnectionError: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<urllib3.connection.VerifiedHTTPSConnection object at 0x7fd428385828>: Failed to establish a new connection: [Errno -2] Name or service not known’,))
Please see the logfiles in /var/log/letsencrypt for more details.

and why this error

#6

This error is apparently because your server is not able to perform DNS lookups.

@_az would like you to run these commands and show their output in order to confirm that this is the problem.

1 Like
#7

he wrote me no order for execution

#8

you wanted to execute a command then it’s the qeulle ???

#9

These two:

host acme-v02.api.letsencrypt.org
dig acme-v02.api.letsencrypt.org

If you have trouble with this discussion in English, we also have a category for help in French:

https://community.letsencrypt.org/c/help/aide-en-francais

#10

here is the message
1st:
**root@speedserver:~# host acme-v02.api.letsencrypt.org
;; connection timed out; no servers could be reached
**
2nd:
**root@speedserver:~# dig acme-v02.api.letsencrypt.org

; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> acme-v02.api.letsencrypt.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52017
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;acme-v02.api.letsencrypt.org. IN A

;; Query time: 2743 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Mar 05 06:30:40 GMT 2019
;; MSG SIZE rcvd: 57
**

#11

Your DNS resolver configuration on your server is broken. This prevents your server from making most outbound connections. (It doesn’t prevent your server from receiving inbound connections.) This could be because of a firewall or because your server is pointed at a DNS resolver that doesn’t work or doesn’t allow your server to use it.

1 Like
#12

so i have to take back my server my server dns what i have to configure or what ??

#13

I’m not sure what the reason for the problem is because I don’t know anything about your server environment. Maybe you could take a look at the contents of /etc/resolv.conf?

1 Like
#14

Hi @lebasto7,

I would really like to suggest that you try French because in your most recent private message to me I found that you hadn’t understand the thing that I was asking you to do. I suspect that we have a pretty difficult language barrier here, and our forum does have a category for help in French (although most of the time only one person provides help in French, his help is excellent!).

#15

@tdelmas, do you think you could try to help in French here? I feel I’ve been having some difficulties in communicating with @lebasto7 about this server problem (the inability for the server itself to resolve DNS names).

2 Likes
#16

Bonjour @lebasto7
Apparemment certbot n’arrive pas à joindre acme-v02.api.letsencrypt.org car il n’arrive pas à résoudre son nom avec DNS. D’où l’erreur “Name or service not known”.

Le diagnostique de @schoen est que le résolveur DNS de votre serveur est cassé. Avez-vous modifié sa configuration, par exemple, /etc/resolv.conf, ou une autre modification qui pourrait expliquer le problème?

1 Like
#18

This file is managed by man:systemd-resolved(8). Do not edit.

This is a dynamic resolv.conf file for connecting local clients to the

internal DNS stub resolver of systemd-resolved. This file lists all

configured search domains.

Run “systemd-resolve --status” to see details about the uplink DNS servers

currently in use.

Third party programs must not access this file directly, but only through the

symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,

replace this symlink by a static file or a different symlink.

See man:systemd-resolved.service(8) for details about the supported modes of

operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0

Configuration du certificat pour mon server web
#19

I’ve continue to help investigate: Configuration du certificat pour mon server web

The problem is definitively with the DNS resolver:
dig @8.8.8.8 acme-v02.api.letsencrypt.org works
dig acme-v02.api.letsencrypt.org doesn’t works
dig www.google.com works
Anybody have an idea how to investigate further ?

#20

I see the ip address

23.63.149.194

So the user can create a host entry

acme-v02.api.letsencrypt.org 23.63.149.194

so the server has this ip address

PS: Somewhere in drivers/etc/host

#21

On Unix it’s called /etc/hosts.