Encountered exception during recovery: socket.timeout: timed out

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: studiojb-demo.com

I ran this command:
sudo certbot certonly --dry-run --rsa-key-size 4096 --dns-google --dns-google-propagation-seconds 180 --dns-google-credentials /root/Creds/GoGo-net-0d7723de2714.json --agree-tos --non-interactive -m info@studiojb-demo.com -d studiojb-demo.com -d *.studiojb-demo.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Account registered.
Simulating a certificate request for studiojb-demo.com and *.studiojb-demo.com
Encountered exception during recovery: socket.timeout: timed out
An unexpected error occurred:
socket.timeout: timed out
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.5.0

Hello @GESmith, welcome to the Let's Encrypt community. :slightly_smiling_face:

You are trying to get a wildcard certificate, yet your DNS CAA record doesn't have the wildcard issue for letsencrypt.org; just issue.

https://unboundtest.com/m/CAA/studiojb-demo.com/ZJ3Z7KVG

Query results for CAA studiojb-demo.com

Response:
;; opcode: QUERY, status: NOERROR, id: 14734
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;studiojb-demo.com.	IN	 CAA

;; ANSWER SECTION:
studiojb-demo.com.	0	IN	CAA	0 issue "letsencrypt.org"

----- Unbound logs -----
Apr 15 21:28:17 unbound[1133615:0] notice: init module 0: validator
Apr 15 21:28:17 unbound[1133615:0] notice: init module 1: iterator

You need to add to the DNS CAA record issuewild "letsencrypt.org", or remove the CAA record.

Here is a list of issued certificates crt.sh | studiojb-demo.com, the latest being 2023-04-09 and for *.studiojb-demo.com and studiojb-demo.com.
When did you last modify (or create) the DNS CAA record?

The CAA thing looks like a "red herring".

We should have a look at this file.

Hi @GESmith, please follow @rg305's advice. :slight_smile:

Okay, here is the log:

ubuntu@ip-10-133-116-185:~$ sudo cat /var/log/letsencrypt/letsencrypt.log
2023-04-10 17:43:15,235:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 1491
2023-04-10 17:43:15,617:DEBUG:certbot._internal.main:certbot version: 2.5.0
2023-04-10 17:43:15,617:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/2913/bin/certbot
2023-04-10 17:43:15,617:DEBUG:certbot._internal.main:Arguments: ['--dry-run', '--rsa-key-size', '4096', '--dns-google', '--dns-google-propagation-seconds', '180', '--dns-google-credentials', '/root/Creds/GoGo-net-0d7723de2714.json', '--agree-tos', '--non-interactive', '-m', 'info@network-ideas.net', '-d', 'studiojb-demo.com', '-d', '*.studiojb-demo.com', '--preconfigured-renewal']
2023-04-10 17:43:15,617:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#dns-google,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-04-10 17:43:15,632:DEBUG:certbot._internal.log:Root logging level set at 30
2023-04-10 17:43:15,633:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-google and installer None
2023-04-10 17:43:15,638:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-google
Description: Obtain certificates using a DNS TXT record (if you are using Google Cloud DNS for DNS).
Interfaces: Authenticator, Plugin
Entry point: dns-google = certbot_dns_google._internal.dns_google:Authenticator
Initialized: <certbot_dns_google._internal.dns_google.Authenticator object at 0x7fdc0b29b130>
Prep: True
2023-04-10 17:43:15,638:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_google._internal.dns_google.Authenticator object at 0x7fdc0b29b130> and installer None
2023-04-10 17:43:15,638:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-google, Installer None
2023-04-10 17:43:16,766:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2023-04-10 17:43:16,768:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2023-04-10 17:44:02,046:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 830
2023-04-10 17:44:02,046:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Apr 2023 21:44:02 GMT
Content-Type: application/json
Content-Length: 830
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "3otMiuPTj1I": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-ietf-acme-ari-00/renewalInfo/",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-04-10 17:44:02,047:DEBUG:acme.client:Requesting fresh nonce
2023-04-10 17:44:02,047:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2023-04-10 17:44:02,121:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-04-10 17:44:02,121:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Apr 2023 21:44:02 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A272lVSmt59v_Avc8tM3a-5ZJbik_Rdwxnbky2HFLx-foas
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-04-10 17:44:02,121:DEBUG:acme.client:Storing nonce: A272lVSmt59v_Avc8tM3a-5ZJbik_Rdwxnbky2HFLx-foas
2023-04-10 17:44:02,122:DEBUG:acme.client:JWS payload:
b'{\n  "termsOfServiceAgreed": true\n}'
2023-04-10 17:44:02,140:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-acct:
2023-04-10 17:44:02,234:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 849
2023-04-10 17:44:02,235:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 10 Apr 2023 21:44:02 GMT
Content-Type: application/json
Content-Length: 849
Connection: keep-alive
Boulder-Requester: 97579864
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf>;rel="terms-of-service"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/acct/97579864
Replay-Nonce: 8F05o0ECjuZ3THDxkojEYLHllBvkKgRqZeVJfwjjelCWBMU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "key": {
    "kty": "RSA",
    "n": "vaeLQVrq06h7IB2NFoACZSOIdPZGnvX-xVesZZN7WzIFqSCpBCsvYmnRV6AFFLuPZosWHC1e9HXOjPADDwCIuBPF6bM6Eoy7TYm8L9cPY1qqtzjRxLbXbRIlcuSW41CrbKzL_kwVqbz_eeZsJStfFqeWIPQL1oDYSyNGBkvCjX1IvC-jrQ7s8IZr5qbSQvF7bouAGWvnN0MR4jPubAMCSx0uE0OZRotH35erN3bl9jwJ0mog-ZBLSAQiPSvlbDKv0A5qe1Q9J8P2jPSgnO60wYWPw0Ba9BdPG1L-v6XMFOkIJqqllxcurBZIiKJm1tgjYc61lulbqDUuateT5MTaaoz4zj8B_PSIEdKYKtWfpT4UNSArYbcpi3u4IeWIytg6sVk_AfqtWkv8rQ16IU6QTBZRxKfZ8fJbmqEXEJBE45ASIbJs4TN79aMtvYDATW_d9YLGDZ8GBaznLELZ7OK2v9FuBe5Yi9esJZVz9p3LpwwXUcCzw75QJVp07IEgbk8IqP6ui61vG2ekwx7kP9MeTY0Ti34dTKFZN5JGGfwahOzmCdaW2OLivtM3JhCiSbU4bhmpNMUvwl72U-FfkntyKvUFlyavS2VrBFDv3jMIs5CVIyvpGcAp8SIGyUu4ottARhixoK4PbncRPbZAvHqtAIMf_EiNV7aGeCxi6HNYZyk",
    "e": "AQAB"
  },
  "initialIp": "52.86.136.180",
  "createdAt": "2023-04-10T21:44:02.18615061Z",
  "status": "valid"
}
2023-04-10 17:44:02,235:DEBUG:acme.client:Storing nonce: 8F05o0ECjuZ3THDxkojEYLHllBvkKgRqZeVJfwjjelCWBMU
2023-04-10 17:44:02,239:DEBUG:certbot._internal.display.obj:Notifying user: Account registered.
2023-04-10 17:44:02,240:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fdc0b30afd0>)>), contact=(), agreement=None, status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/97579864', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'), 570dc5b09deb2a21b137fa17dcf409f5, Meta(creation_dt=datetime.datetime(2023, 4, 10, 21, 44, 2, tzinfo=<UTC>), creation_host='ip-10-133-116-185.ec2.internal', register_to_eff=None))>
2023-04-10 17:44:02,240:DEBUG:certbot._internal.display.obj:Notifying user: Simulating a certificate request for studiojb-demo.com and *.studiojb-demo.com
2023-04-10 17:44:02,276:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "studiojb-demo.com"\n    },\n    {\n      "type": "dns",\n      "value": "*.studiojb-demo.com"\n    }\n  ]\n}'
2023-04-10 17:44:02,288:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
2023-04-10 17:44:02,405:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 501
2023-04-10 17:44:02,405:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 10 Apr 2023 21:44:02 GMT
Content-Type: application/json
Content-Length: 501
Connection: keep-alive
Boulder-Requester: 97579864
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/97579864/8206083504
Replay-Nonce: 8F05CyzWOV7-UzEp-AQX2Jqqu06cf3WQ8qGJcj5GWnWz8Cs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-04-17T21:44:02Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.studiojb-demo.com"
    },
    {
      "type": "dns",
      "value": "studiojb-demo.com"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/6073519064",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/6073519074"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/97579864/8206083504"
}
2023-04-10 17:44:02,406:DEBUG:acme.client:Storing nonce: 8F05CyzWOV7-UzEp-AQX2Jqqu06cf3WQ8qGJcj5GWnWz8Cs
2023-04-10 17:44:02,407:DEBUG:acme.client:JWS payload:
b''
2023-04-10 17:44:02,416:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/6073519064:
2023-04-10 17:44:02,494:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/6073519064 HTTP/1.1" 200 397
2023-04-10 17:44:02,494:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Apr 2023 21:44:02 GMT
Content-Type: application/json
Content-Length: 397
Connection: keep-alive
Boulder-Requester: 97579864
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 8F05xRFG9xMzpPQ-EtXgd_zy2B0lGgg3VwI37Pqha3hREU4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "studiojb-demo.com"
  },
  "status": "pending",
  "expires": "2023-04-17T21:44:02Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/6073519064/XAHssw",
      "token": "OpbbwvGL1Jvw0Rh9tImRNiYdxprMwOjHSlwLawLcglk"
    }
  ],
  "wildcard": true
}
2023-04-10 17:44:02,494:DEBUG:acme.client:Storing nonce: 8F05xRFG9xMzpPQ-EtXgd_zy2B0lGgg3VwI37Pqha3hREU4
2023-04-10 17:44:02,495:DEBUG:acme.client:JWS payload:
b''
2023-04-10 17:44:02,505:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/6073519074:
2023-04-10 17:44:02,584:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/6073519074 HTTP/1.1" 200 819
2023-04-10 17:44:02,584:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 10 Apr 2023 21:44:02 GMT
Content-Type: application/json
Content-Length: 819
Connection: keep-alive
Boulder-Requester: 97579864
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A272LZVr3XWqhR8KDpZbwXz6kgQwhQDrj-_0k8TnycfpQ8o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "studiojb-demo.com"
  },
  "status": "pending",
  "expires": "2023-04-17T21:44:02Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/6073519074/FBi3oA",
      "token": "BHqOj8wV7stJPOVTcG5L1VNf2RU00q-RjX7H4Spn26E"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/6073519074/zxhJtQ",
      "token": "BHqOj8wV7stJPOVTcG5L1VNf2RU00q-RjX7H4Spn26E"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/6073519074/c3gQ0A",
      "token": "BHqOj8wV7stJPOVTcG5L1VNf2RU00q-RjX7H4Spn26E"
    }
  ]
}
2023-04-10 17:44:02,585:DEBUG:acme.client:Storing nonce: A272LZVr3XWqhR8KDpZbwXz6kgQwhQDrj-_0k8TnycfpQ8o
2023-04-10 17:44:02,585:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-04-10 17:44:02,585:INFO:certbot._internal.auth_handler:dns-01 challenge for studiojb-demo.com
2023-04-10 17:44:02,585:INFO:certbot._internal.auth_handler:dns-01 challenge for studiojb-demo.com
2023-04-10 17:44:02,603:DEBUG:googleapiclient.discovery:URL being requested: GET https://dns.googleapis.com/dns/v1/projects/jbelthoff-net/managedZones?dnsName=studiojb-demo.com.&alt=json
2023-04-10 17:44:02,603:INFO:oauth2client.transport:Attempting refresh to obtain initial access_token
2023-04-10 17:44:02,606:DEBUG:oauth2client.crypt:[b'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjBkNzcyM2RlMjcxNGQyNzYxZTFmY2Q3NmQyMjk1MzhkMjg1OTJmZWEifQ', b'eyJhdWQiOiJodHRwczovL29hdXRoMi5nb29nbGVhcGlzLmNvbS90b2tlbiIsInNjb3BlIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC9uZGV2LmNsb3VkZG5zLnJlYWR3cml0ZSIsImlhdCI6MTY4MTE2MzA0MiwiZXhwIjoxNjgxMTY2NjQyLCJpc3MiOiJkbnMtY29ubmVjdEBqYmVsdGhvZmYtbmV0LmlhbS5nc2VydmljZWFjY291bnQuY29tIn0', b'OViGSdy_kl4Kb-G0SMncnJAKm6-3A5JMOYa4THT86Los10sZc3isAaXMuxlRJ30lQtVlNFgGbpbKs_Qq9yRIc3pogysvMArjHhIwm4tpACgID3VQ2EbVF3HTDU93cIjY5fxDSEKWPCEkHzmSRrXyvGzLfTro_aXZEmo17qGxcfWT2-2Mny3RUJGsoVxwo3pu6y6bh0M-Qs6fXXwlTlTkf_V5c1gP29cooUryWynA3WUJW3XmuDs7oeqVcCM7Te8vLgcM8aTIr-i69TPkaHfLrM5kXrQxUSQVMrEZetQX4VV95R6mybUxRvtyYC64QfpH_faKoeZFBiNZmuOHBcg8LA']
2023-04-10 17:44:02,607:INFO:oauth2client.client:Refreshing access_token
2023-04-10 17:45:02,698:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 76, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/certbot_dns_google/_internal/dns_google.py", line 67, in _perform
    self._get_google_client().add_txt_record(domain, validation_name, validation, self.ttl)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/certbot_dns_google/_internal/dns_google.py", line 116, in add_txt_record
    zone_id = self._find_managed_zone_id(domain)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/certbot_dns_google/_internal/dns_google.py", line 281, in _find_managed_zone_id
    response = request.execute()
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/googleapiclient/_helpers.py", line 130, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/googleapiclient/http.py", line 923, in execute
    resp, content = _retry_request(
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/googleapiclient/http.py", line 222, in _retry_request
    raise exception
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/googleapiclient/http.py", line 191, in _retry_request
    resp, content = http.request(uri, method, *args, **kwargs)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/oauth2client/transport.py", line 159, in new_request
    credentials._refresh(orig_request_method)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/oauth2client/client.py", line 749, in _refresh
    self._do_refresh_request(http)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/oauth2client/client.py", line 778, in _do_refresh_request
    resp, content = transport.request(
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/oauth2client/transport.py", line 280, in request
    return http_callable(uri, method=method, body=body, headers=headers,
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/httplib2/__init__.py", line 1720, in request
    (response, content) = self._request(
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/httplib2/__init__.py", line 1440, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/httplib2/__init__.py", line 1362, in _conn_request
    conn.connect()
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/httplib2/__init__.py", line 1152, in connect
    sock.connect((self.host, self.port))
socket.timeout: timed out

2023-04-10 17:45:02,699:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-04-10 17:45:02,699:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-04-10 17:45:02,707:DEBUG:googleapiclient.discovery:URL being requested: GET https://dns.googleapis.com/dns/v1/projects/jbelthoff-net/managedZones?dnsName=studiojb-demo.com.&alt=json
2023-04-10 17:45:02,707:INFO:oauth2client.transport:Attempting refresh to obtain initial access_token
2023-04-10 17:45:02,710:DEBUG:oauth2client.crypt:[b'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjBkNzcyM2RlMjcxNGQyNzYxZTFmY2Q3NmQyMjk1MzhkMjg1OTJmZWEifQ', b'eyJhdWQiOiJodHRwczovL29hdXRoMi5nb29nbGVhcGlzLmNvbS90b2tlbiIsInNjb3BlIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC9uZGV2LmNsb3VkZG5zLnJlYWR3cml0ZSIsImlhdCI6MTY4MTE2MzEwMiwiZXhwIjoxNjgxMTY2NzAyLCJpc3MiOiJkbnMtY29ubmVjdEBqYmVsdGhvZmYtbmV0LmlhbS5nc2VydmljZWFjY291bnQuY29tIn0', b'HJCU_NE9XfF-7k9ZiNfw3j76Isssn-Ptce0NwSQzvXF-tVX7lrxj5EmGSHc2WC4Lv25uy0v-R5X3Fqnh_jZxB0UmIxy9qcMsW4pQU4EdcKdORJZcApmqx51PryZnblIvGfrA_7Vn5pZ-s91XssliNPOFF-_UOG0NMvUUvULD5XvAReev2Gx4lqQBESoWwj-Z50UjOw1ytGxboDcnwBY1RMHm5oyT1cjBnO7Y0faZ31sWWbzcldJU67vUTCy5JeMOE1u2yjjiHVLKaAjhS4npXBwoLv8CIME0t0OgImJrM4qamcaVHIVKhsO0LO9VUZCWRCNVvBivrCfjQajgsvm26g']
2023-04-10 17:45:02,710:INFO:oauth2client.client:Refreshing access_token
2023-04-10 17:46:02,785:ERROR:certbot._internal.error_handler:Encountered exception during recovery: socket.timeout: timed out
2023-04-10 17:46:02,785:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/2913/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/main.py", line 1864, in main
    return config.func(config, plugins)
  File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/main.py", line 1597, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/client.py", line 516, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot/2913/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 76, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/certbot_dns_google/_internal/dns_google.py", line 67, in _perform
    self._get_google_client().add_txt_record(domain, validation_name, validation, self.ttl)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/certbot_dns_google/_internal/dns_google.py", line 116, in add_txt_record
    zone_id = self._find_managed_zone_id(domain)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/certbot_dns_google/_internal/dns_google.py", line 281, in _find_managed_zone_id
    response = request.execute()
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/googleapiclient/_helpers.py", line 130, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/googleapiclient/http.py", line 923, in execute
    resp, content = _retry_request(
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/googleapiclient/http.py", line 222, in _retry_request
    raise exception
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/googleapiclient/http.py", line 191, in _retry_request
    resp, content = http.request(uri, method, *args, **kwargs)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/oauth2client/transport.py", line 159, in new_request
    credentials._refresh(orig_request_method)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/oauth2client/client.py", line 749, in _refresh
    self._do_refresh_request(http)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/oauth2client/client.py", line 778, in _do_refresh_request
    resp, content = transport.request(
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/oauth2client/transport.py", line 280, in request
    return http_callable(uri, method=method, body=body, headers=headers,
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/httplib2/__init__.py", line 1720, in request
    (response, content) = self._request(
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/httplib2/__init__.py", line 1440, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/httplib2/__init__.py", line 1362, in _conn_request
    conn.connect()
  File "/snap/certbot-dns-google/current/lib/python3.8/site-packages/httplib2/__init__.py", line 1152, in connect
    sock.connect((self.host, self.port))
socket.timeout: timed out
2023-04-10 17:46:02,799:ERROR:certbot._internal.log:An unexpected error occurred:
2023-04-10 17:46:02,799:ERROR:certbot._internal.log:socket.timeout: timed out
ubuntu@ip-10-133-116-185:~$

Not the problem in this case; if there aren't any "issuewild" directives, then it defaults to "issue" for both wildcard and non-wildcard certificates.

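The default described above (with no `issuewild` property, `issue` governs wildcard names as well) can be checked with a small evaluator that follows RFC 8659. This is an added example, not part of the original posts or of any CA's code; `CAA_DATA` is constructed sample data whose first entry mirrors the record shown in the thread, the `.example` zones are hypothetical, and CNAME handling during tree climbing is left out.

```python
# Added example: CAA authorization check for wildcard and non-wildcard names.
# CAA_DATA is constructed: name -> list of (flags, tag, value) CAA records.
CAA_DATA = {
    # Mirrors the record returned for the domain in this thread.
    "studiojb-demo.com": [(0, "issue", "letsencrypt.org")],
    # Hypothetical zone: wildcard issuance delegated to a different CA.
    "wild-only.example": [
        (0, "issue", "ca.example"),
        (0, "issuewild", "letsencrypt.org"),
    ],
    # Hypothetical zone: wildcard issuance forbidden for every CA.
    "no-wild.example": [
        (0, "issue", "letsencrypt.org"),
        (0, "issuewild", ";"),
    ],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 128  # "issuer critical" flag bit


def relevant_rrset(fqdn, caa_data):
    """Climb from fqdn towards the root; return the first non-empty CAA RRset."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = caa_data.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def issuer_of(value):
    """Issuer domain name of an issue/issuewild value, parameters stripped.

    A value of ";" yields an empty issuer, which authorizes no CA.
    """
    return value.split(";", 1)[0].strip().lower()


def ca_may_issue(requested_name, ca_identity, caa_data):
    """Return True if CAA permits ca_identity to issue for requested_name."""
    wildcard = requested_name.startswith("*.")
    fqdn = requested_name[2:] if wildcard else requested_name
    rrset = relevant_rrset(fqdn, caa_data)

    # An unrecognised property marked critical blocks issuance outright.
    for flags, tag, _ in rrset:
        if flags & CRITICAL and tag.lower() not in KNOWN_TAGS:
            return False

    issue = [issuer_of(v) for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [issuer_of(v) for _, t, v in rrset if t.lower() == "issuewild"]

    # Wildcard names use issuewild when at least one is present; otherwise
    # they fall back to issue. Non-wildcard names always ignore issuewild.
    applicable = issuewild if (wildcard and issuewild) else issue

    # No applicable property (or no CAA records at all): issuance unrestricted.
    if not applicable:
        return True
    return ca_identity.lower() in applicable


if __name__ == "__main__":
    for name in ("studiojb-demo.com", "*.studiojb-demo.com",
                 "*.wild-only.example", "*.no-wild.example"):
        print(name, ca_may_issue(name, "letsencrypt.org", CAA_DATA))
```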

This looks like a network communication issue between your EC2 instance and the Google Cloud Platform servers, probably to https://oauth2.googleapis.com/token.

Unfortunately I don't have any useful advice to give you, other than the standard investigations (are you using a proxy, are you using IPv6 networking, are you doing anything unusual on your VPC NAT etc).

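The pauses that precede each timeout can be located by measuring the time between consecutive timestamped log records. This is an added example, not part of the original posts or of Certbot; `SAMPLE_LOG` is an excerpt of the log posted above with intermediate lines omitted, and the 10-second threshold is an assumption.

```python
import re
from datetime import datetime

# Excerpt of the letsencrypt.log posted in this thread (intermediate lines omitted).
SAMPLE_LOG = """\
2023-04-10 17:43:16,766:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2023-04-10 17:43:16,768:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2023-04-10 17:44:02,046:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 830
2023-04-10 17:44:02,607:INFO:oauth2client.client:Refreshing access_token
2023-04-10 17:45:02,698:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
socket.timeout: timed out
2023-04-10 17:45:02,710:INFO:oauth2client.client:Refreshing access_token
2023-04-10 17:46:02,785:ERROR:certbot._internal.error_handler:Encountered exception during recovery: socket.timeout: timed out
"""

# Certbot debug-log record: "YYYY-MM-DD HH:MM:SS,mmm:LEVEL:logger:message"
RECORD = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}):(\w+):([\w.]+):(.*)$"
)


def parse_records(log_text):
    """Group lines into records.

    Lines without a timestamp (tracebacks, HTTP bodies) are attached to the
    record that precedes them.
    """
    records = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append({
                "time": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f"),
                "level": m.group(2),
                "logger": m.group(3),
                "message": m.group(4),
                "extra": [],
            })
        elif records and line.strip():
            records[-1]["extra"].append(line.strip())
    return records


def find_stalls(log_text, threshold=10.0):
    """Return every gap of at least `threshold` seconds between two records.

    Each entry names the record logged just before the pause (the operation
    that was in flight) and, if the next record carries a traceback, its
    final line (the exception that ended the pause).
    """
    records = parse_records(log_text)
    stalls = []
    for before, after in zip(records, records[1:]):
        gap = (after["time"] - before["time"]).total_seconds()
        if gap >= threshold:
            stalls.append({
                "seconds": round(gap, 3),
                "logger": before["logger"],
                "before": before["message"],
                "error": after["extra"][-1] if after["extra"] else None,
            })
    return stalls


if __name__ == "__main__":
    for s in find_stalls(SAMPLE_LOG):
        print(f'{s["seconds"]:>7.3f}s after [{s["logger"]}] {s["before"]}')
        if s["error"]:
            print(f'         ended with: {s["error"]}')
```

On the posted log this reports a pause of about 45 seconds while opening the connection to the ACME staging server, followed by two 60-second pauses after `Refreshing access_token`.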

I don't believe I am doing anything non-standard with the networking, but I will dive in and see.

Thanks!
