I can no longer renew my certificates

Please fill out the fields below so we can help you better.

My domain is:
supera.com.br

I ran this command:
certbot renew

It produced this output:
Attempting to renew cert (www.supera.com.br) from /etc/letsencrypt/renewal/www.supera.com.br.conf produced an unexpected error: ('Connection aborted.', error(101, 'Network is unreachable')). Skipping.

My web server is (include version):
Nginx v1.14.0

The operating system my web server runs on is (include version):
centos-release-7-5.1804.el7.centos.2.x86_64

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

mtr -c 10 acme-v02.api.letsencrypt.org --report
curl -v -m 10 https://acme-v02.api.letsencrypt.org/directory

Results:
mtr -c 10 acme-v02.api.letsencrypt.org --report
Start: Wed Jul 18 20:41:47 2018
HOST: reverse-proxy.supera.com.br Loss% Snt Last Avg Best Wrst StDev
1.|-- gateway 0.0% 10 0.3 0.3 0.3 0.4 0.0
2.|-- 198.50.173.38 0.0% 10 1.3 1.4 1.2 1.8 0.0
3.|-- vl6.bhs-d2-a75.qc.ca 0.0% 10 0.6 0.6 0.5 0.7 0.0
4.|-- 10.95.81.10 0.0% 10 3.4 2.2 1.8 3.4 0.3
5.|-- be100-1324.chi-5-a9.il.us 0.0% 10 17.9 17.6 17.3 17.9 0.0
6.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
7.|-- 1-3.r1.dc.hwng.net 0.0% 10 35.0 30.1 26.8 38.4 4.4
8.|-- 209.197.13.13 0.0% 10 60.5 35.0 27.2 60.5 13.3
9.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0

curl -v -m 10 https://acme-v02.api.letsencrypt.org/directory

* About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
*   Trying 23.57.151.37...
* After 4745ms connect time, move on!
*   Trying 2600:1419:0:39a::3a8e...
* Failed to connect to 2600:1419:0:39a::3a8e: Network is unreachable
*   Trying 2600:1419:0:39c::3a8e...
* Failed to connect to 2600:1419:0:39c::3a8e: Network is unreachable
* Failed connect to acme-v02.api.letsencrypt.org:443; Network is unreachable
* Closing connection 0
curl: (7) Failed to connect to 2600:1419:0:39a::3a8e: Network is unreachable

grep -i letsencrypt /etc/hosts

I executed the command but got nothing

The problem is that this server isn't online.

So one of two things is happening:

  1. You have an extremely stale DNS record for the API domain for some reason
  2. Or Let's Encrypt/Akamai is having an outage.

What DNS resolver is your system using (/etc/resolv.conf)?

dig acme-v02.api.letsencrypt.org

would help too.

My resolv.conf has 2 entries: my domain DNS server and Google DNS server (8.8.8.8).

dig results:
dig acme-v02.api.letsencrypt.org

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> acme-v02.api.letsencrypt.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41033
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;acme-v02.api.letsencrypt.org. IN A

;; ANSWER SECTION:
acme-v02.api.letsencrypt.org. 6554 IN CNAME api.letsencrypt.org-ng.edgekey.net.
api.letsencrypt.org-ng.edgekey.net. 12599 IN CNAME e14990.dscx.akamaiedge.net.
e14990.dscx.akamaiedge.net. 20 IN A 23.57.151.37

;; Query time: 357 msec
;; SERVER: 172.27.0.28#53(172.27.0.28)
;; WHEN: Wed Jul 18 20:52:32 EDT 2018
;; MSG SIZE rcvd: 158

Consider removing your local DNS server from resolv.conf temporarily and seeing if it helps.

Wow, that worked, thanks! I appreciate the help!
Now begins the quest to find out what’s wrong with my DNS Server… yay…
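
The diagnosis this thread arrived at (one resolver in /etc/resolv.conf handing out an address that cannot be reached) can be checked per resolver, as an added example that is not part of any post above. It assumes `dig` and `curl` are installed; the function names are made up for the example, and the `/directory` path is the one from the curl command in the thread.

```shell
#!/bin/sh
# Added example: ask each configured resolver for the ACME API host and
# test every returned address, to spot a resolver serving a bad record.
# Assumptions: dig and curl are available; function names are illustrative.

# Print the nameserver addresses listed in a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Read full dig output on stdin; print the A-record addresses found in
# the ANSWER SECTION (CNAME lines and other sections are skipped).
a_records() {
    awk '/^;; ANSWER SECTION:/ { in_ans = 1; next }
         /^$/ || /^;;/         { in_ans = 0 }
         in_ans && $4 == "A"   { print $5 }'
}

# Query every resolver directly (@ns), then connect to each answer with
# curl --resolve so the system resolver is bypassed for the HTTPS test.
check_host() {
    host=$1
    conf=${2:-/etc/resolv.conf}
    for ns in $(nameservers "$conf"); do
        for ip in $(dig +time=3 +tries=1 "@$ns" "$host" A | a_records); do
            if curl -s -o /dev/null -m 10 \
                    --resolve "$host:443:$ip" "https://$host/directory"; then
                echo "$ns -> $ip reachable"
            else
                echo "$ns -> $ip UNREACHABLE (stale or wrong answer from $ns?)"
            fi
        done
    done
}

# Runs only when a hostname is given, for example:
#   sh check-resolvers.sh acme-v02.api.letsencrypt.org
if [ $# -gt 0 ]; then
    check_host "$@"
fi
```

A resolver whose answers are all unreachable while another resolver's answers connect is the one to remove or repair.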
