HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out

I’m trying to generate a certificate for my subdomains of botitapp.com. This was working fine for the past few months, and suddenly auto-renewing stopped. I tried to regenerate the certificates but it didn’t work. I checked past issues and changed the MTU to 1300 but nothing changed!

My domain is: botitapp.com

I ran this command: sudo certbot certonly --manual -d *.botitapp.com

It produced this output: this happens after making the dns challenge.

Press Enter to Continue
Waiting for verification...
Cleaning up challenges
An unexpected error occurred:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 387, in _make_request
    six.raise_from(e, None)
  File "<string>", line 3, in raise_from
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 383, in _make_request
    httplib_response = conn.getresponse()
  File "/usr/lib/python3.6/http/client.py", line 1331, in getresponse
    response.begin()
  File "/usr/lib/python3.6/http/client.py", line 297, in begin
    version, status, reason = self._read_status()
  File "/usr/lib/python3.6/http/client.py", line 258, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "/usr/lib/python3.6/socket.py", line 586, in readinto
    return self._sock.recv_into(b)
  File "/usr/lib/python3.6/ssl.py", line 1012, in recv_into
    return self.read(nbytes, buffer)
  File "/usr/lib/python3.6/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
  File "/usr/lib/python3.6/ssl.py", line 631, in read
    v = self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 440, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 639, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 357, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 389, in _make_request
    self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 309, in _raise_timeout
    raise ReadTimeoutError(self, url, "Read timed out. (read timeout=%s)" % timeout_value)
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

During handling of the above exception, another exception occurred:

requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.

The operating system my web server runs on is (include version): 18.04.2 LTS (Bionic Beaver)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @amragaey

checking your domain you have created another certificate this morning ( https://check-your-website.server-daten.de/?q=botitapp.com ):

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-07-17 2019-10-15 botitapp.com
1 entries duplicate nr. 1

So it’s curious you have a timeout.

Is there a fixed ip address in your hosts file?

Something like

104.74.120.43 acme-v02.api.letsencrypt.org

now with the wrong ip? Or a firewall that blocks outgoing connections?

There is a wrongly created TXT entry:

12. TXT - Entries

| Domainname | TXT Entry | Status | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|
| botitapp.com | v=spf1 include:spf.efwd.registrar-servers.com ~all | ok | 1 | 0 |
| www.botitapp.com | | | 1 | 0 |
| _acme-challenge.botitapp.com | | Name Error - The domain name does not exist | 1 | 0 |
| _acme-challenge.www.botitapp.com | | Name Error - The domain name does not exist | 1 | 0 |
| botitapp.westeurope.cloudapp.azure.com | | ok | 1 | 0 |
| _acme-challenge.botitapp.com.botitapp.com | qqT-k-UmY-Xeg_QoL62sr6qi4wzSJmQymWQ_f73GXKg | perhaps wrong | 1 | 0 |

Two times the main domain name. But that’s not a reason for a timeout.

Hi @JuergenAuer

I added the IP in /etc/hosts to try it, as I found it as a solution in a previous topic. But it hasn’t resolved the problem, so I deleted it from hosts.

And yes, I successfully generated a certificate for my main domain botitapp.com using the file upload method at the .well-known/acme-challenge. It passed the challenge and generated certificate successfully.

But now, I’m trying to generate a certificate for my subdomains using the wildcard *.botitapp.com. It’s required to do the DNS challenge. I added the required TXT record, but it ended up with a timeout error!

Are you sure your Certbot doesn’t wait for your input? So the error message may be “not so good”?

If you use --manual, you have to create the TXT entry, then Certbot waits until you hit “return” or “space”.

Yes, I did.

The problem is solved. The TXT record was mistakenly written as _acme-challenge.botitapp.com in the host field, while it should be only _acme-challenge. I didn’t recognize it at first, and I was waiting too long for the DNS to update the entry, which in turn made certbot time out after the long wait before I hit Enter to verify the record.

Thanks Juergen for your support!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
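
The host-field mistake resolved in this thread can be caught before pressing Enter in `certbot --manual`. The following is an added example, not part of the original posts and not Certbot code: it computes the name the ACME server will query for a `-d` value and compares it with the name a DNS panel would publish. The function names are hypothetical, and the panel behaviour (the zone is appended to a relative host field; a trailing dot marks an absolute name) is an assumption that matches the doubled name seen above.

```python
# Added example; assumes a DNS panel that appends the zone to a relative host field.

def challenge_fqdn(cert_domain):
    """Name queried for a DNS-01 challenge (the wildcard label is dropped)."""
    name = cert_domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name


def published_fqdn(host_field, zone):
    """Name that ends up in DNS for a host-field entry (assumed panel behaviour)."""
    zone = zone.lower().rstrip(".")
    host = host_field.strip().lower()
    if host in ("", "@"):
        return zone
    if host.endswith("."):  # assumption: trailing dot means "absolute name"
        return host.rstrip(".")
    return host + "." + zone


def host_field_for(cert_domain, zone):
    """Relative label to enter so the record lands on challenge_fqdn()."""
    target = challenge_fqdn(cert_domain)
    zone = zone.lower().rstrip(".")
    if not target.endswith("." + zone):
        raise ValueError(f"{target} is not inside zone {zone}")
    return target[: -len(zone) - 1]


def check_entry(host_field, zone, cert_domain):
    """Return (ok, published, expected, hint) for a host-field entry."""
    expected = challenge_fqdn(cert_domain)
    published = published_fqdn(host_field, zone)
    if published == expected:
        return True, published, expected, ""
    hint = f"enter '{host_field_for(cert_domain, zone)}' in the host field"
    if published == expected + "." + zone.lower().rstrip("."):
        hint = "zone appended twice; " + hint
    return False, published, expected, hint


if __name__ == "__main__":
    # Values from the thread: the entry that failed, then the corrected one.
    for entry in ("_acme-challenge.botitapp.com", "_acme-challenge"):
        print(entry, "->", check_entry(entry, "botitapp.com", "*.botitapp.com"))
```

Once the computed name matches, a lookup such as `dig +short TXT _acme-challenge.botitapp.com` confirms the record is visible before continuing in Certbot.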