Failed to establish a new connection: [Errno 101] Network is unreachable

My cert renewed in the past, but fails now.
LetsEncrypt cert not renewing as expected.
LetsEncrypt renew attempt:

root@nc:~# letsencrypt renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Cert is due for renewal, auto-renewing…
Attempting to renew cert from /etc/letsencrypt/renewal/ produced an unexpected error: HTTPSConnectionPool(host=‘’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7ff88bac0cd0>: Failed to establish a new connection: [Errno 101] Network is unreachable’,)). Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)
1 renew failure(s), 0 parse failure(s)

Here is my /var/log/letsencrypt/letsencrypt.log

2017-07-08 01:33:01,334:DEBUG:certbot.main:Root logging level set at 20
2017-07-08 01:33:01,335:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-07-08 01:33:01,336:DEBUG:certbot.main:certbot version: 0.12.0
2017-07-08 01:33:01,336:DEBUG:certbot.main:Arguments: []
2017-07-08 01:33:01,337:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#nul$
2017-07-08 01:33:01, renew, less than 30 days before certificate expiry 2017-07-17 17:58:00 $
2017-07-08 01:33:01,388:INFO:certbot.renewal:Cert is due for renewal, auto-renewing…
2017-07-08 01:33:01,389:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2017-07-08 01:33:01,615:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7ff88bad4990>
Prep: True
2017-07-08 01:33:01,616:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator obj$
2017-07-08 01:33:01,627:DEBUG:certbot.main:Picked account: <Account(eecb002bebb590033e57ebebd8a22809)>
2017-07-08 01:33:01,628:DEBUG:acme.client:Sending GET request to
2017-07-08 01:33:01,648:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letse$
2017-07-08 01:33:46,769:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/$
2017-07-08 01:33:46,829:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/certbot/”, line 418, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/usr/lib/python2.7/dist-packages/certbot/”, line 648, in renew_cert
le_client = _init_le_client(config, auth, installer)
File “/usr/lib/python2.7/dist-packages/certbot/”, line 399, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File “/usr/lib/python2.7/dist-packages/certbot/”, line 202, in init
acme = acme_from_config_key(config, self.account.key)
File “/usr/lib/python2.7/dist-packages/certbot/”, line 42, in acme_from_config_key
return acme_client.Client(config.server, key=key, net=net)
File “/usr/lib/python2.7/dist-packages/acme/”, line 69, in init
File “/usr/lib/python2.7/dist-packages/acme/”, line 658, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/lib/python2.7/dist-packages/acme/”, line 631, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/local/lib/python2.7/dist-packages/requests/”, line 488, in request
resp = self.send(prep, **send_kwargs)

@fixmycpu, this means that your client can’t make an outbound HTTPS connect to the Let’s Encrypt CA’s API.

This problem is usually caused by a firewall or DNS problem that limits outbound connections. It could also be caused by a router misconfiguration.

Here is a recent thread with someone who had the same problem and commands I suggested running for comparison:

Thanks Schoen, I eventually found the cause later that day after going through all changes since installed and determined it to be caused by the AVG Internet Security firewall I had recently installed on the host (Windows 10). It was preventing the VM from contacting the necessary servers for cert renewal.

Once I temporarily disabled the AVG, the system cert renewed without issue.

Thanks for the reply, it is right on target…

This topic can be closed.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.