Error coming through when trying to get SSL verified with my domain

Using Ubuntu 18.04, I enter the command:

sudo certbot --apache -d your_domain -d www.your_domain

And it starts off fine.
Then, after cleaning up challenges, error.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for serveryates.co.uk
http-01 challenge for www.serveryates.co.uk
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
An unexpected error occurred:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 387, in _make_request
    six.raise_from(e, None)
  File "", line 3, in raise_from
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 383, in _make_request
    httplib_response = conn.getresponse()
  File "/usr/lib/python3.6/http/client.py", line 1346, in getresponse
    response.begin()
  File "/usr/lib/python3.6/http/client.py", line 307, in begin
    version, status, reason = self._read_status()
  File "/usr/lib/python3.6/http/client.py", line 268, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "/usr/lib/python3.6/socket.py", line 586, in readinto
    return self._sock.recv_into(b)
  File "/usr/lib/python3.6/ssl.py", line 1012, in recv_into
    return self.read(nbytes, buffer)
  File "/usr/lib/python3.6/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
  File "/usr/lib/python3.6/ssl.py", line 631, in read
    v = self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 440, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 639, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 367, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 389, in _make_request
    self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 309, in _raise_timeout
    raise ReadTimeoutError(self, url, "Read timed out. (read timeout=%s)" % timeout_value)
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

During handling of the above exception, another exception occurred:

requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.

2 Likes

I then try to access the log files with
sudo nano /var/log/letsencrypt
But it is completely empty.

It would be

/var/log/letsencrypt/letsencrypt.log

The full traceback would be useful, as it would show which particular operation led to the timeout. To me it looks similar to some timeouts that other users experienced, due to NAT firewalls.

1 Like

Cheers
here is the log
2020-04-06 14:56:17,331:DEBUG:certbot.main:certbot version: 0.27.0
2020-04-06 14:56:17,333:DEBUG:certbot.main:Arguments: ['-q']
2020-04-06 14:56:17,334:DEBUG:certbot.main:Discovered plugins: PluginsRegistry($
2020-04-06 14:56:17,352:DEBUG:certbot.log:Root logging level set at 30
2020-04-06 14:56:17,353:INFO:certbot.log:Saving debug log to /var/log/letsencry$
2020-04-06 14:56:17,376:DEBUG:certbot.renewal:no renewal failures
2020-04-06 14:57:30,059:DEBUG:certbot.main:certbot version: 0.27.0
2020-04-06 14:57:30,061:DEBUG:certbot.main:Arguments: ['--apache']
2020-04-06 14:57:30,061:DEBUG:certbot.main:Discovered plugins: PluginsRegistry($
2020-04-06 14:57:30,074:DEBUG:certbot.log:Root logging level set at 20
2020-04-06 14:57:30,076:INFO:certbot.log:Saving debug log to /var/log/letsencry$
2020-04-06 14:57:30,076:DEBUG:certbot.plugins.selection:Requested authenticator$
2020-04-06 14:57:30,196:DEBUG:certbot_apache.configurator:Apache version is 2.4$
2020-04-06 14:57:30,666:DEBUG:certbot.plugins.selection:Single candidate plugin$
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7fc$
Prep: True

Looks like it got cut off.

If you like, a simple way to upload the log is to run:

sudo tail -n 2000 /var/log/letsencrypt/letsencrypt.log | nc termbin.com 9999

(needs netcat if not already installed: sudo apt install netcat).

1 Like

What should I try and do to fix it?

Oh, I meant that the log got cut off - you did not post its entire contents.

Could you try the way of uploading the log in my previous post? It should produce a link you can copy. Or find a different way to post the entire thing.

1 Like

Weird, I put your code in to upload after installing netcat and it just comes up with a black line, nothing being written, no error code or anything.

:\ . Firewall? Not sure, works for me.

I can offer one speculative solution, and that’s to lower your network interface’s MTU.

It’s worked for a whole bunch of users in the past. Large packets - such as the one where the final certificate chain is sent to Certbot - tend to cause MTU issues like this to crop up to the surface.

You can try (substituting eth0 for your internet interface if necessary):

sudo ifconfig eth0 mtu 1300

and if need be, you can revert it to 1500 the same way.

To avoid hitting rate limits, test using:

sudo certbot certonly -a apache --dry-run -d your_domain -d www.your_domain
2 Likes

Sorry to sound dumb, but how can I check what my internet interface is?

If you run:

sudo ip route

you should see something like:

default via x.x.x.x dev DDDD

Whatever DDDD is, that’s it.

2 Likes
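
Added example, not part of the thread: a way to measure the MTU that the path to the ACME server actually carries, rather than guessing 1300, and to pick the default interface out of `ip route` as described in the reply above. It assumes Linux iputils `ping` and that ICMP echo reaches the host; `fake_probe_1300` and `SAMPLE_ROUTES` are constructed stand-ins so the logic can be checked offline.

```bash
#!/usr/bin/env bash
# Print the device of the default route, reading `ip route` output on stdin.
default_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Real probe: one ICMP echo with Don't Fragment set.
# $1 = host, $2 = ICMP payload size in bytes.
ping_df() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Binary-search the largest MTU in [$3, $4] that the probe accepts.
# $1 = probe function, $2 = host. Prints the MTU, or 0 if even $3 fails
# (for example when ICMP is filtered). Payload = MTU - 28, because the
# IPv4 header (20 bytes) and ICMP header (8 bytes) ride on top of it.
find_path_mtu() {
    local probe host lo hi mid
    probe=$1; host=$2; lo=${3:-576}; hi=${4:-1500}
    "$probe" "$host" $((lo - 28)) || { echo 0; return; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" $((mid - 28)); then lo=$mid; else hi=$((mid - 1)); fi
    done
    echo "$lo"
}

# Constructed probe: a path that silently drops packets larger than 1300 bytes.
fake_probe_1300() { [ $(( $2 + 28 )) -le 1300 ]; }

# Constructed sample of `ip route` output.
SAMPLE_ROUTES='default via 192.0.2.1 dev ens3 proto dhcp src 192.0.2.10 metric 100
192.0.2.0/24 dev ens3 proto kernel scope link src 192.0.2.10'

# Live use: ./pmtu.sh acme-v02.api.letsencrypt.org
if [ -n "${1:-}" ]; then
    iface=$(ip route | default_iface)
    mtu=$(find_path_mtu ping_df "$1")
    if [ "$mtu" -eq 0 ]; then
        echo "no DF ping got through to $1; ICMP may be filtered"
    else
        echo "default interface: $iface, largest unfragmented MTU to $1: $mtu"
        # iproute2 equivalent of the ifconfig command in the thread
        echo "to apply: sudo ip link set dev $iface mtu $mtu"
    fi
fi
```

A result below 1500 that certbot's large responses exceed is consistent with the read timeout in the traceback; the setting does not survive a reboot unless it is also written to the network configuration.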

Magically that's worked and it is saying it's worked, but when I logged into my domain it says it's still not secure.

Which Certbot command did you run?

The --dry-run one, or the one you originally tried?

I ran the original one.

Your site looks fine for me, for what it’s worth. It shows the certificate was issued just now.

Maybe try closing the browser tab and opening https://serveryates.co.uk/ again? Browsers tend to not refresh that info very well.

2 Likes

Thank you for your help, that's all good now.

1 Like
