Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: dendietcontrung.net
I ran this command: /opt/letsencrypt/certbot-auto certonly –standalone
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host=’acme-v02.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(‘: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution’,))
Please see the logfiles in /var/log/letsencrypt for more details.
My web server is (include version): Cloud server
The operating system my web server runs on is (include version): Linux
My hosting provider, if applicable, is: Viettel idc
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Is the server's DNS resolver working?
If you run "dig acme-v02.api.letsencrypt.org" or "dig www.google.com", what's the output?
When i run “dig acme-v02.api.letsencrypt.org” the output is
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> acme-v02.api.letsencrypt.org
;; global options: +cmd
;; connection timed out; no servers could be reached
When i run “dig www.google.com” the out is"
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12301
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 300 IN A 172.217.194.106
www.google.com. 300 IN A 172.217.194.103
www.google.com. 300 IN A 172.217.194.104
www.google.com. 300 IN A 172.217.194.105
www.google.com. 300 IN A 172.217.194.147
www.google.com. 300 IN A 172.217.194.99
;; Query time: 27 msec
;; SERVER: 115.84.181.20#53(115.84.181.20)
;; WHEN: Sat Apr 27 11:59:41 +07 2019
;; MSG SIZE rcvd: 128
Please advise
That’s strange.
What happens if you try “dig acme-v02.api.letsencrypt.org” several times, and:
dig eff.org
dig golang.org
dig letsencrypt.org
dig mozilla.org
Hi @luongtienltc
looks like your local dns is buggy. May be a problem of your configuration, may be a problem of your hoster.
Do you have an old, now wrong hosts - entry?
Perhaps add
23.63.149.194 acme-v02.api.letsencrypt.org
2a02:26f0:fc:290::3a8e: acme-v02.api.letsencrypt.org
in your hosts file.