Error renewing certificate (NS1)


#1

I can’t seem to be able to renew a wildcard certificate for my domain.
Creating the certificate the first time was fine.

I appreciate the help!

My domain is: evan.mp

I ran this command: sudo certbot renew --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/evan.mp-0001.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator dns-nsone, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for evan.mp
dns-01 challenge for evan.mp
Unsafe permissions on credentials configuration file: /home/gryffyn/cert/apikey
Cleaning up challenges
Attempting to renew cert (evan.mp-0001) from /etc/letsencrypt/renewal/evan.mp-0001.conf produced an unexpected error: Unexpected error determining zone identifier for evan.mp: HTTPSConnectionPool(host=‘api.nsone.net’, port=443): Max retries exceeded with url: /v1/zones/evan.mp (Caused by NewConnectionError(’<urllib3.connection.VerifiedHTTPSConnection object at 0x7f1021cb83c8>: Failed to establish a new connection: [Errno -2] Name or service not known’)). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/evan.mp-0001/fullchain.pem (failure)


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/evan.mp-0001/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache 2.4.27

The operating system my web server runs on is (include version): Arch Linux

My hosting provider, if applicable, is: Scaleway

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

What’s this show:

host api.nsone.net

#3
Host api.nsone.net not found: 3(NXDOMAIN)

But I can still interact with the API with a curl command like the API docs for NS1 say is possible.


#4

I don’t have a definite answer for why curl would succeed when host wouldn’t. There can be differences in DNS resolution between programs based on your system configuration. Or you might be mistaken about curl being able to resolve the domain.

But it doesn’t really matter why. Python is relying on your system to resolve the domain and your system’s DNS resolution is failing. Not a Certbot problem.

Depending on your system setup, you could try replacing the resolvers in /etc/resolv.conf with some different ones that are known to work (like 1.1.1.1/1.0.0.1 for example).
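
A preflight check for the two problems visible in this thread, the credentials-file permission warning and the failed lookup of api.nsone.net, written as an added example that is not part of any post above and is not Certbot code. The function names are hypothetical, and the rule of flagging any group or world access on the key file is an assumption of this example.

```python
import os
import socket
import stat
import sys

API_HOST = "api.nsone.net"  # host named in the error message quoted in post #1


def credential_file_problems(path):
    """Return a list of permission problems for a DNS-plugin credentials file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    problems = []
    if mode & stat.S_IRWXG:  # assumption: any group bit is treated as unsafe
        problems.append("group access (mode %o)" % mode)
    if mode & stat.S_IRWXO:
        problems.append("world access (mode %o)" % mode)
    return problems


def nameservers(resolv_conf_text):
    """Extract the nameserver addresses from resolv.conf content."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def system_resolve(host, port=443, lookup=socket.getaddrinfo):
    """Resolve through the system resolver, as Python HTTPS clients do.

    Returns (True, sorted addresses) or (False, error text).
    """
    try:
        infos = lookup(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:  # e.g. [Errno -2] Name or service not known
        return False, "[Errno %s] %s" % (exc.errno, exc.strerror)
    return True, sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    cred_path = sys.argv[1]  # path to the API key file given to certbot
    for problem in credential_file_problems(cred_path):
        print("credentials: %s; restrict with chmod 600" % problem)
    with open("/etc/resolv.conf") as fh:
        print("resolvers:", nameservers(fh.read()))
    print("lookup:", system_resolve(API_HOST))
```

Run it as the same user that runs certbot, passing the credentials file path as the only argument.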

