HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out

Help
1

I’m trying to generating certificate for my subdomains of botitapp.com. This was working fine for the past few months, and suddenly auto-renewing stopped. I tried to re generate the certificates but It didn’t work. I checked past issues and changed mtu to 1300 but nothing changed!

My domain is: botitapp.com

I ran this command: sudo certbot certonly --manual -d *.botitapp.com

It produced this output: this happens after making the dns challenge.

Press Enter to Continue
Waiting for verification...
Cleaning up challenges
An unexpected error occurred:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 387, in _make_request
    six.raise_from(e, None)
  File "<string>", line 3, in raise_from
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 383, in _make_request
    httplib_response = conn.getresponse()
  File "/usr/lib/python3.6/http/client.py", line 1331, in getresponse
    response.begin()
  File "/usr/lib/python3.6/http/client.py", line 297, in begin
    version, status, reason = self._read_status()
  File "/usr/lib/python3.6/http/client.py", line 258, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "/usr/lib/python3.6/socket.py", line 586, in readinto
    return self._sock.recv_into(b)
  File "/usr/lib/python3.6/ssl.py", line 1012, in recv_into
    return self.read(nbytes, buffer)
  File "/usr/lib/python3.6/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
  File "/usr/lib/python3.6/ssl.py", line 631, in read
    v = self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 440, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 639, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 357, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 389, in _make_request
    self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 309, in _raise_timeout
    raise ReadTimeoutError(self, url, "Read timed out. (read timeout=%s)" % timeout_value)
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

During handling of the above exception, another exception occurred:

requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.

The operating system my web server runs on is (include version): 18.04.2 LTS (Bionic Beaver)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

2

Hi @amragaey

checking your domain you have created another certificate this morning ( https://check-your-website.server-daten.de/?q=botitapp.com ):

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-07-17 2019-10-15 botitapp.com
1 entries duplicate nr. 1

So it's curious you have a timeout.

Is there a fixed ip address in your hosts file?

Something like

104.74.120.43 acme-v02.api.letsencrypt.org

now with the wrong ip? Or a firewall that blocks outgoing connections?

There is a wrong created TXT entry:

--

12. TXT - Entries

Domainname TXT Entry Status ∑ Queries ∑ Timeout
botitapp.com v=spf1 include:spf.efwd.registrar-servers.com ~all ok 1 0
www.botitapp.com 1 0
_acme-challenge.botitapp.com Name Error - The domain name does not exist 1 0
_acme-challenge.www.botitapp.com Name Error - The domain name does not exist 1 0
botitapp.westeurope.cloudapp.azure.com ok 1 0
_acme-challenge.botitapp.com.botitapp.com qqT-k-UmY-Xeg_QoL62sr6qi4wzSJmQymWQ_f73GXKg perhaps wrong 1 0

Two times the main domain name. But that's not a reason of a timeout.

3

Hi @JuergenAuer

I added the IP in the /etc/hosts to try as I found it a solution in previous topic. But haven’t resolved the problem so I deleted it from hosts.

And yes, I successfully generated a certificate for my main domain botitapp.com using the file upload method at the .well-known/acme-challenge. It passed the challenge and generated certificate successfully.

But now, I’m trying to generate a certificate for my subdomains using the wild card *.botitapp.com. It’s required to do the dns challenge, I added the required TXT record, but it end up with error of timeout!

4

Are you sure your Certbot doesn't wait to your input? So the error message may be "not so good"?

If you use --manual, you have to create the TXT entry, then Certbot waits, if you hit "return" or "space".

5

Yes, I did.

The problem solved. The TXT record was mistakenly written as _acme-challenge.botitapp.com in the host field. while it should be only _acme-challenge. I haven’t recognized it at first, and I was waiting too long for the DNS to update the entry which in turn made the certbot timeout after long waiting before I hit enter to verify the record.

Thanks Juergen fo your support!

1 Like
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.