Hello, community, I'm out of guesses on how to solve it on my own, so I really hope that I can get some help from you.
I have tried to renew certificates (renewal wasn't needed) after which I have tried to recreate the entire deployment (docker-compose setup with nginx and certbot - after initial failed attempt with --force-renewal option, I have continued with --staging option), however certbot is failing due to requests.exceptions.ConnectTimeout
Here are the requested details:
My domain is: gc.lamarhealth.com
I ran this command: in docker-compose
certonly --webroot --webroot-path=/var/lib/letsencrypt --email dev@lamarhealth.com --agree-tos --no-eff-email --staging -v -d gc.lamarhealth.com -d www.gc.lamarhealth.com
It produced this output:
certbot | Plugins selected: Authenticator webroot, Installer None
certbot | An unexpected error occurred:
certbot | requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='acme-staging-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f7372856170>, 'Connection to acme-staging-v02.api.letsencrypt.org timed out. (connect timeout=45)'))
certbot | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): nginx/1.23.4
The operating system my web server runs on is (include version): nginx:mainline-alpine (docker image)
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot/certbot (latest docker image)
Tried some of the troubleshooting found here:
curl -4v https://acme-staging-v02.api.letsencrypt.org/directory
* Trying 172.65.46.172:443...
* TCP_NODELAY set
* Connected to acme-staging-v02.api.letsencrypt.org (172.65.46.172) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=acme-staging-v02.api.letsencrypt.org
* start date: Apr 29 18:16:44 2023 GMT
* expire date: Jul 28 18:16:43 2023 GMT
* subjectAltName: host "acme-staging-v02.api.letsencrypt.org" matched cert's "acme-staging-v02.api.letsencrypt.org"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5567c13a08f0)
> GET /directory HTTP/2
> Host: acme-staging-v02.api.letsencrypt.org
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< server: nginx
< date: Mon, 22 May 2023 12:16:36 GMT
< content-type: application/json
< content-length: 826
< cache-control: public, max-age=0, no-cache
< x-frame-options: DENY
< strict-transport-security: max-age=604800
<
{
"_EJujV-egZM": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
* Connection #0 to host acme-staging-v02.api.letsencrypt.org left intact
curl -6v https://acme-staging-v02.api.letsencrypt.org/directory
(but we don't have support for ipv6)
* Trying 2606:4700:60:0:f41b:d4fe:4325:6026:443...
* TCP_NODELAY set
* Immediate connect fail for 2606:4700:60:0:f41b:d4fe:4325:6026: Network is unreachable
* Closing connection 0
curl: (7) Couldn't connect to server
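
Added example, not part of the original post: a small Python probe that repeats the two curl checks above per address family, so it can be run in the same environment as Certbot (for instance inside the certbot container) and the outcomes compared. The function names and the 10-second timeout are choices made for this example; it only opens TCP connections to the resolved addresses on port 443.

```python
import errno
import socket
import sys

ACME_HOST = "acme-staging-v02.api.letsencrypt.org"  # host named in the Certbot error

def classify(exc):
    """Name the outcome of one connect attempt (None means it connected)."""
    if exc is None:
        return "ok"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"          # the symptom Certbot reported
    if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "unreachable"      # the symptom curl -6 reported
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    return "error: %s" % exc

def tcp_connect(family, sockaddr, timeout):
    """Real TCP connect; raises OSError (or a subclass) on failure."""
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(sockaddr)

def probe(host=ACME_HOST, port=443, timeout=10.0,
          resolve=socket.getaddrinfo, connect=tcp_connect):
    """Try every resolved address; return [(family, address, outcome), ...]."""
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("DNS", host, "resolve failed: %s" % exc)]
    names = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}
    results = []
    for family, _type, _proto, _canon, sockaddr in infos:
        failure = None
        try:
            connect(family, sockaddr, timeout)
        except OSError as exc:
            failure = exc
        results.append((names.get(family, str(family)), sockaddr[0], classify(failure)))
    return results

if __name__ == "__main__":
    rows = probe(sys.argv[1] if len(sys.argv) > 1 else ACME_HOST)
    for family, address, outcome in rows:
        print("%-4s %-40s %s" % (family, address, outcome))
    # Exit 0 if at least one address accepted the connection.
    sys.exit(0 if any(outcome == "ok" for _f, _a, outcome in rows) else 1)
```

An IPv4 row reading "ok" on the host but "timeout" in the container narrows the problem to the container's network path rather than the ACME endpoint.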