I cannot obtain an SSL certificate on my nginx web server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo certbot --nginx -d

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log

An unexpected error occurred:
ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04.2 LTS

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Log says your server can't talk with the outside internet? Fix its network first.

5 Likes

You can try again.

The only error your log shows is that the ACME client couldn't connect to LE, so you should try running the command again and post the new log here.

5 Likes

Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Try:
nslookup acme-v02.api.letsencrypt.org
curl -i https://acme-v02.api.letsencrypt.org/directory

3 Likes

nslookup acme-v02.api.letsencrypt.org
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
acme-v02.api.letsencrypt.org canonical name = prod.api.letsencrypt.org.
prod.api.letsencrypt.org canonical name = ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
Name: ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
Address: 172.65.32.248
Name: ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
Address: 2606:4700:60:0:f53d:5624:85c7:3a2c

no response on curl

curl: (28) Failed to connect to acme-v02.api.letsencrypt.org port 443 after 129929 ms: Connection timed out

Can it even connect to the internet at all? curl https://google.com

2 Likes

yes, it can reach the internet

And it also can't reach the Internet.

Which sites can it reach?
Which sites can't it reach?

2 Likes

What does this show?

curl -I https://cloudflare.com
2 Likes

It can reach google, bbc.com, cnn.com

HTTP/2 301
date: Tue, 11 Apr 2023 00:55:33 GMT
location: https://www.cloudflare.com/
cache-control: max-age=3600
expires: Tue, 11 Apr 2023 01:55:33 GMT
set-cookie: __cf_bm=Z8vZ6uXcFyYPIuBljuvT5.stoFt.jLNej4vmYGo0GaA-1681174533-0-AR3ZMSJ2TnYvUCtlolbmtioDjmuLbRuqDah3ANIrp8BjmtQrETFL5BzWvLo5ImgBDstlogpAaE8ttvkVJT2ecnA=; path=/; expires=Tue, 11-Apr-23 01:25:33 GMT; domain=.cloudflare.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=MHHz%2BWxJwJNPt2NOUey5nhDGYgPATdGyHpl3962lj%2FdDFGwU8ijIbHzp8oQgkpQGGfnbrMA9K3EjD8jPA0ljuX%2FOcfEVZOfPPmHCp7k2skN%2BFtWF1goJq4jwjCWIP9oz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000; includeSubDomains
server: cloudflare
cf-ray: 7b5f43c16d3ee268-ORD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

traceroute acme-v02.api.letsencrypt.org ?

2 Likes

traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets

 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Try:
traceroute -T -p 443 acme-v02.api.letsencrypt.org

And show [route table]:
netstat -nr

2 Likes

traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

You already showed that...

Try:
traceroute -T -p 443 acme-v02.api.letsencrypt.org

And show [route table]:
netstat -nr

2 Likes
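The route table requested above is read by longest-prefix match. The sketch below is an added example, not part of any post in this thread: it parses `netstat -nr` output and reports which entry the kernel would pick for the address that `nslookup` returned. The sample table is constructed (the poster's real table is not shown here), and the interface name `br-test` and the helper names are hypothetical.

```python
import ipaddress

# Constructed sample of `netstat -nr` output, NOT the poster's table: an
# over-wide local route (172.64.0.0/10) shadows the default route for some
# public addresses while the rest of the internet stays reachable.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
172.64.0.0      0.0.0.0         255.192.0.0     U         0 0          0 br-test
"""

def parse_routes(text):
    """Turn `netstat -nr` IPv4 rows into dicts; title and header rows are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
        except ValueError:  # header row ("Destination/Genmask") or malformed line
            continue
        routes.append({"net": net, "gateway": fields[1],
                       "flags": fields[3], "iface": fields[-1]})
    return routes

def select_route(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen, default=None)

def describe(route):
    if route is None:
        return "no route: connect() fails with 'Network is unreachable'"
    if "G" in route["flags"]:
        via = f"via gateway {route['gateway']}"
    else:
        via = "on-link (no gateway)"
    return f"{route['net']} dev {route['iface']} {via}"

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    # 172.65.32.248 is the A record from the nslookup output in this thread;
    # 8.8.8.8 is included only as a contrasting destination.
    for dest in ("172.65.32.248", "8.8.8.8"):
        print(dest, "->", describe(select_route(table, dest)))
```

On a live host, `ip route get 172.65.32.248` asks the kernel the same question directly.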