Error when trying to renew certificate using docker certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ma7gdp.duckdns.org

I ran this command:

docker run -it --rm --name certbot -v ":/etc/letsencrypt" -v ":/var/lib/letsencrypt" -p "28443:443" -p "28080:80" certbot/certbot certonly -d ma7gdp.duckdns.org --standalone

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fecb1639990>: Failed to establish a new connection: [Errno -3] Try again'))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): official certbot docker container image

The operating system my web server runs on is (include version): Debian host

My hosting provider, if applicable, is: n/a local home server

I can login to a root shell on my machine (yes or no, or I don't know): yes

Thanks in advance for any help.
Cheers.

1 Like

JFYI I ran the debug here: Let's Debug and it was showing as OK, so I am pretty sure it is not a firewall issue.
I just stood up a temporary nginx server on the same ports via docker to run this debug, but it is no longer running in case anyone tried to run the debug test again.

Where is port 28xxx proxied to? Unless port ma6gdp..duckdns.org:80 from outside goes to certbot, it won't work.
You may be better off using another client.

3 Likes

If you hit 80 from external it is forwarded to 28080 and picked up by the certbot container and port mapped back to 80. This all worked OK the last time I renewed, so not sure what is happening.

It seems to have trouble making an outgoing connection to the ACME API.

That said, I don't know anything about Docker, so no idea on how to debug or fix that. Perhaps it's as simple as the error message suggests: try again.

3 Likes

Well, if in doubt then reboot I guess. Seems to have done the trick. I made no changes, just rebooted and it started working. Not great when that happens as you never find out the real cause, but happy it's working :) Thanks all for replies.

1 Like
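
The `[Errno -3] Try again` in the output above is a name-resolution failure code (EAI_AGAIN on Linux): the container could not resolve the ACME hostname, rather than being refused by it. As an added example (not from the thread or from Certbot), this sketch classifies that log line and then probes DNS, TCP and TLS in order; `classify_error`, `probe` and the `resolve` parameter are hypothetical names, and Linux error numbering is assumed.

```python
import re
import socket
import ssl

ACME_HOST = "acme-v02.api.letsencrypt.org"  # host named in the error above

# getaddrinfo() failure codes as numbered on Linux (negative, unlike connect() errnos).
EAI_CODES = {-2: "EAI_NONAME: name not found",
             -3: "EAI_AGAIN: resolver temporarily unavailable"}

# The error line from the post, shortened to the part that carries the code.
SAMPLE = ("NewConnectionError('<urllib3.connection.HTTPSConnection object>: "
          "Failed to establish a new connection: [Errno -3] Try again')")

def classify_error(line):
    """Return (stage, code) for the '[Errno N]' in a urllib3 connection error line."""
    m = re.search(r"\[Errno (-?\d+)\]", line)
    if not m:
        return ("unknown", None)
    code = int(m.group(1))
    # Negative codes come from name resolution, before any connection to the ACME API.
    return ("dns", code) if code < 0 else ("tcp", code)

def probe(host=ACME_HOST, port=443, resolve=socket.getaddrinfo, timeout=5):
    """Check DNS, then TCP, then TLS; return the first stage that fails, or 'ok'."""
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as e:
        return ("dns", e.errno)
    addr = infos[0][4][:2]  # (ip, port) for both IPv4 and IPv6 results
    try:
        sock = socket.create_connection(addr, timeout=timeout)
    except OSError as e:
        return ("tcp", e.errno)
    try:
        # Full certificate and hostname verification, as the ACME client would do.
        with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
            return ("ok", None)
    except (ssl.SSLError, OSError) as e:
        sock.close()
        return ("tls", getattr(e, "errno", None))

if __name__ == "__main__":
    stage, code = classify_error(SAMPLE)
    print("log line:", stage, EAI_CODES.get(code, code))
    print("live probe:", probe())
```

Run it with the same container image and network settings as Certbot, since the container's resolver configuration can differ from the host's.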