HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out

I ran letsencrypt renew, but it failed. Here is my letsencrypt.log:

2021-01-27 16:36:28,626:DEBUG:certbot.main:certbot version: 0.27.1
2021-01-27 16:36:28,626:DEBUG:certbot.main:Arguments:
2021-01-27 16:36:28,626:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-01-27 16:36:28,648:DEBUG:certbot.log:Root logging level set at 20
2021-01-27 16:36:28,648:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-01-27 16:36:28,664:DEBUG:certbot.plugins.selection:Requested authenticator <certbot.cli._Default object at 0x29374d0> and installer <certbot.cli._Default object at 0x29374d0>
2021-01-27 16:36:28,677:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-12-27 02:00:22 UTC.
2021-01-27 16:36:28,677:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2021-01-27 16:36:28,677:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2021-01-27 16:36:30,662:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x2939d10>
Prep: True
2021-01-27 16:36:30,662:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x2939d10>
Prep: True
2021-01-27 16:36:30,663:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x2939d10> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x2939d10>
2021-01-27 16:36:30,663:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2021-01-27 16:36:30,699:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None), uri=u'https://acme-v02.api.letsencrypt.org/acme/acct/46123423', new_authzr_uri=None, terms_of_service=None), 1db8b15d24dba4d72fed4bf1a592e38e, Meta(creation_host=u'localhost.localdomain', creation_dt=datetime.datetime(2018, 11, 20, 2, 38, 22, tzinfo=)))>
2021-01-27 16:36:30,700:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-01-27 16:36:30,704:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-01-27 16:37:23,989:WARNING:certbot.renewal:Attempting to renew cert (jfbrother.com) from /etc/letsencrypt/renewal/jfbrother.com.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45). Skipping.
2021-01-27 16:37:23,991:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 430, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1195, in renew_cert
le_client = _init_le_client(config, auth, installer)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 648, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 247, in init
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line 50, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 761, in init
directory = messages.Directory.from_json(net.get(server).json())
File "/usr/lib/python2.7/site-packages/acme/client.py", line 1095, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python2.7/site-packages/acme/client.py", line 1044, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 464, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 433, in send
raise ReadTimeout(e, request=request)
ReadTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

2021-01-27 16:37:23,991:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
2021-01-27 16:37:23,991:ERROR:certbot.renewal: /etc/letsencrypt/live/jfbrother.com/fullchain.pem (failure)
2021-01-27 16:37:23,992:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in
load_entry_point('certbot==0.27.1', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1364, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1276, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 455, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

I have tried running curl https://acme-v02.api.letsencrypt.org/, and it seems I can connect to https://acme-v02.api.letsencrypt.org/:

  <div class="col-xs-6 text-left">
    <h1>Boulder<br>
    <small>The Let's Encrypt CA</small></h1>
  </div>
</div>

<div class="row">
  <div class="col-xs-8 col-xs-offset-2 text-center">
    <h3>This is an <a href="https://github.com/letsencrypt/acme-spec/">ACME</a> Certificate Authority running <a href="https://github.com/letsencrypt/boulder">Boulder</a>.</h3>
    <p>This is a <em>programmatic</em> endpoint, an API for a computer to talk to. You should probably be using a specialized client to utilize the service, and not your web browser. See <a href="https://letsencrypt.org/"><tt>https://letsencrypt.org/</tt></a> for help.</p>
    <p>If you're trying to use this service, note that the starting point, <em>the directory</em>, is available at this URL: <a href="https://acme-v02.api.letsencrypt.org/directory"><tt>https://acme-v02.api.letsencrypt.org/directory</a></tt>.</p>
  </div>
</div>
<div class="row">
  <div class="col-xs-4 col-xs-offset-2 text-center">

One of the common solutions in the long history of people hitting this issue has been to lower network MTU (even if curl works):

e.g. (adjust eth0 to your network interface name if it's different):

sudo ifconfig eth0 mtu 1300

If it doesn't help, you can always change it back.


I have tried running the command sudo ifconfig eth0 mtu 1300, but it doesn't work.


As in the command failed, or that the command did not have the desired effect on Certbot?


FYI, we had the same thing (we are using a self-crafted tool on top of acme, not certbot directly).

I just read your logs and it's actually the same, because certbot is apparently using the acme Python implementation too.

In our logs this happened a few minutes before they updated their status page:

So, we considered it as part of the disturbance. I just looked at our logs, and our tool just tried a few minutes later and it was successful.

Now you saw that issue yesterday, so I think someone from the @staff may confirm if their status update of today solved this issue.

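An added example (not part of the thread, and not certbot's or the poster's code): a small triage script for a log in the format posted at the top, which separates network timeouts of the kind discussed above from other renewal errors and reports how far past expiry the certificate already is. The sample lines, the placeholder domain example.org and the list of timeout markers are constructed assumptions.

```python
import re
from datetime import datetime

TS = "%Y-%m-%d %H:%M:%S"
# Constructed sample in the format of the log above (example.org is a placeholder).
SAMPLE_LOG = """\
2021-01-27 16:36:28,677:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2019-12-27 02:00:22 UTC.
2021-01-27 16:36:30,700:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-01-27 16:37:23,989:WARNING:certbot.renewal:Attempting to renew cert (example.org) from /etc/letsencrypt/renewal/example.org.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45). Skipping.
2021-01-27 16:37:23,991:ERROR:certbot.renewal:All renewal attempts failed. The following certs could not be renewed:
"""
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+:(\w+):([\w.]+):(.*)$")
EXPIRY = re.compile(r"certificate expiry (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) UTC")
FAIL = re.compile(r"Attempting to renew cert \((.+?)\) from \S+ produced an "
                  r"unexpected error: (.*?)\.? Skipping\.$")
# Assumption: substrings treated as network-level, retry-worthy failures.
TRANSIENT = ("Read timed out", "Connection aborted", "Max retries exceeded",
             "Temporary failure in name resolution")


def triage(log_text):
    """Return one finding per failed renewal found in a certbot debug log."""
    findings, expiry = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # traceback and plugin-description continuation lines
        stamp, msg = datetime.strptime(m.group(1), TS), m.group(4)
        exp = EXPIRY.search(msg)
        if exp:  # the expiry line precedes the renewal attempt for that cert
            expiry = datetime.strptime(exp.group(1), TS)
            continue
        fail = FAIL.search(msg)
        if fail:
            # Log stamps are local time and the expiry is UTC; whole days suffice.
            overdue = (stamp - expiry).days if expiry else None
            findings.append({
                "domain": fail.group(1),
                "error": fail.group(2),
                "kind": "transient-network"
                        if any(t in fail.group(2) for t in TRANSIENT) else "other",
                "days_past_expiry": overdue,
                "expired": overdue is not None and overdue >= 0,
            })
            expiry = None
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with kind "transient-network" and expired set to True is the combination to alert on: the retry can wait a few minutes, but the site is already serving an expired certificate.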

Thanks for answering, I will try again after today.
