HTTPSConnectionPool error when trying to renew cert

andrewjs18 · May 19, 2017, 6:16am

Hi all,

I keep hitting the following error when trying to renew 2 of my certs:

Attempting to renew cert from /etc/letsencrypt/renewal/mysite.com.conf produced an unexpected error: HTTPSConnectionPool(host=‘acme-v01.api.letsencrypt.org’, port=443): Read timed out. (read timeout=45). Skipping.

I can telnet to the host, it’s pinging as well. here’s a trace route:

tracert acme-v01.api.letsencrypt.org

Tracing route to e981.dscb.akamaiedge.net [104.100.153.80]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms Wireless_Broadband_Router.home [192.168.1.25]
2 4 ms 3 ms 4 ms lo0-100.PHLAPA-VFTTP-330.verizon-gni.net [71.185.222.1]
3 8 ms 5 ms 9 ms B3330.PHLAPA-LCR-22.verizon-gni.net [130.81.4.134]
4 * * * Request timed out.
5 * * * Request timed out.
6 7 ms 6 ms 7 ms 0.ae4.GW1.EWR19.ALTER.NET [140.222.231.91]
7 7 ms 7 ms 7 ms a104-100-153-80.deploy.static.akamaitechnologies.com [104.100.153.80]

Trace complete.

any ideas?

abc · May 19, 2017, 6:30am

I am having the same error and http://letsencrypt.status.io/ previously showed an error for acme-staging.api.letsencrypt.org (Staging)

thesurfermac · May 19, 2017, 6:30am

Having the same issue. Not able to renew the cert.

righter83 · May 19, 2017, 6:36am

same here, have now also OSCP stapliing erros on my site…

Elf · May 19, 2017, 6:41am

I have the same Read timeout issue. My log file shows this:

2017-05-19 06:31:40,618:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-05-19 06:31:40,620:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-05-19 06:32:25,700:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/donasec.cz.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45). Skipping.
2017-05-19 06:32:25,701:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 418, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 648, in renew_cert
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 399, in _init_le_client
    return client.Client(config, acc, authenticator, installer, acme=acme)
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 202, in __init__
    acme = acme_from_config_key(config, self.account.key)
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 42, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 69, in __init__
    self.net.get(directory).json())
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 658, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 631, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 464, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 433, in send
    raise ReadTimeout(e, request=request)
ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

2017-05-19 06:32:25,701:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.12.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 896, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 702, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 435, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

I can telnet acme-v01.api.letsencrypt.org on 443

fskale · May 19, 2017, 6:46am

Hi,

i also debugged the problem.

I cannot get a nonce header back, so i think the APP is down right now !

Rgds.

jbares · May 19, 2017, 7:29am

Having the same issue trying to cert renewal

ssh-copy-id · May 19, 2017, 7:34am

Is this an official mistake?

SvenL · May 19, 2017, 8:10am

Yes, App is down, as you can see here: http://letsencrypt.status.io/

ZapevalovAnton · May 19, 2017, 12:41pm

Aaaaaaaa!!! WTF!!!

cpu · May 19, 2017, 2:08pm

This error is a result of an ongoing service disruption. Please follow status.letsencrypt.org for more information. We should have all of the remaining issues resolved shortly.

In the meantime I’m going to lock this thread since there isn’t a need for further discussion on this particular error. Please open a new thread if you need to resume discussion.

Thanks for your patience, we apologize for the disruption and I expect more detailed root cause information will be shared in the near future.