Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')). Skipping

My domain is:

https://www.hinwilpedia.ch/wiki/Hauptseite

I ran this command:

certbot renew

It produced this output:

Attempting to renew cert (hinwilpedia.ch) from /etc/letsencrypt/renewal/hinwilpedia.ch.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f60930d1bb0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')). Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/hinwilpedia.ch/fullchain.pem (failure)

My web server is (include version):

The operating system my web server runs on is (include version):

Server version: Apache/2.4.41 (Ubuntu)
Server built: 2023-01-23T18:36:09

My hosting provider, if applicable, is:

Hetzner

I can login to a root shell on my machine (yes or no, or I don't know):

yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 0.40.0

The renewal of the certs worked without issues for the past 3 and a half years. Not sure why it is failing now. Looks like I am 12 days into this issue.

The error message says that the maximum number of retries was exceeded. Not sure where this comes from. It was the first time I ran certbot renew. Perhaps the bot frantically tried to renew several times already by itself.

I saw this post with a similar issue. Thus providing the following info, which was requested to provide assistance.

dig +short acme-v02.api.letsencrypt.org

no output

dig +short acme-v02.api.letsencrypt.org @8.8.8.8

prod.api.letsencrypt.org.
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
172.65.32.248

cat /etc/resolv.conf

nameserver 127.0.0.53
options edns0 trust-ad

cat /run/systemd/resolve/stub-resolv.conf

nameserver 127.0.0.53
options edns0 trust-ad

cat /etc/netplan/01-netcfg.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    ens4:
      dhcp4: yes
1 Like

You are on the right path.
The local DNS server is unable to resolve the name.
I would suggest that you fix it or change it.

4 Likes

Hmm, to be honest: I do not know what is causing it to fail. Which part of the provided information tells you that it fails?

^^ the lack of output ^^

Try:
dig +short acme-v02.api.letsencrypt.org 127.0.0.53
dig +short localhost 127.0.0.53

5 Likes

Same misery

dig +short acme-v02.api.letsencrypt.org 127.0.0.53

No output

dig +short localhost 127.0.0.53

127.0.0.1

Yeah, this machine cannot call home. I have a second server with an identical setup and identical configuration files regarding DNS. That one is working. Currently, I am clueless as to what may cause the failure. I will not check back with the machine provider and see how it goes.

1 Like

There was no solution for us. The local DNS remained unrecoverable. Thus we disbanded the server and moved the content to a server with another provider.

This is kinda anti-solution, but I did not want to spend more time trying to fix it than moving away.

Thanks to everybody trying to help here. Much appreciated, as always!

2 Likes
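The `dig` comparison from the replies, extended to the servers behind the 127.0.0.53 stub, as an added example that is not part of the original thread. It queries each resolver in `/etc/resolv.conf` and each upstream that systemd-resolved lists in `/run/systemd/resolve/resolv.conf` directly, then reports where resolution breaks. The function names and verdict labels are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and verdict labels are
# made up here. Run: sh dnscheck.sh --run [NAME]

# Print the nameserver addresses from a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# query_a SERVER NAME: ask one server directly, print only IPv4 answers
# (dig +short also prints CNAMEs and ";;" error lines, which are dropped).
query_a() {
    dig +short +time=3 +tries=1 A "$2" "@$1" 2>/dev/null |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true
}

# diagnose NAME [STUB_CONF] [UPSTREAM_CONF]: one "role server result" line
# per resolver. The upstream file is where systemd-resolved lists the
# servers it forwards to (e.g. those learned over DHCP).
diagnose() {
    name=$1
    stub_conf=${2:-/etc/resolv.conf}
    up_conf=${3:-/run/systemd/resolve/resolv.conf}
    for role in stub upstream; do
        [ "$role" = stub ] && conf=$stub_conf || conf=$up_conf
        [ -r "$conf" ] || continue
        for srv in $(nameservers "$conf"); do
            if [ -n "$(query_a "$srv" "$name")" ]; then res=ok; else res=FAIL; fi
            echo "$role $srv $res"
        done
    done
}

# verdict: read diagnose output on stdin and say where resolution breaks.
verdict() {
    awk '$1 == "stub" && $3 == "ok" { stub_ok = 1 }
         $1 == "upstream" { n++; if ($3 == "ok") up_ok++ }
         END {
             if (stub_ok)     print "resolver-ok"
             else if (n == 0) print "no-upstream-configured"
             else if (up_ok)  print "stub-broken-upstream-ok"
             else             print "upstream-unreachable"
         }'
}

if [ "${1:-}" = "--run" ]; then
    out=$(diagnose "${2:-acme-v02.api.letsencrypt.org}")
    echo "$out"; echo "$out" | verdict
fi
```

A verdict of `upstream-unreachable` alongside a working answer from a public resolver points at the DNS servers the host was handed, rather than at certbot or the stub itself.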
