I can't get a new ssl certificate


#1

I ran this command:./certbot-auto certonly

It produced this output:An unexpected error occurred: ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x366aa50>: Failed to establish a new connection: [Errno 110] Connection timed out',)) Please see the logfiles in /var/log/letsencrypt for more details.

My operating system is (include version):CentOS 6.5- 64

My web server is (include version):nginx

My hosting provider, if applicable, is:Tencent

I can login to a root shell on my machine (yes or no, or I don’t know):yes


I have obtained an SSL certificate, but I do not know why I can not get a certificate now, and the following problem

I looked at the error log :
2017-02-06 13:41:57,124:DEBUG:certbot.main:Root logging level set at 20
2017-02-06 13:41:57,124:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-02-06 13:41:57,124:DEBUG:certbot.main:certbot version: 0.11.1
2017-02-06 13:41:57,124:DEBUG:certbot.main:Arguments: []
2017-02-06 13:41:57,124:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#standalone,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#webroot,PluginEntryPoint#apache,PluginEntryPoint#null)
2017-02-06 13:41:57,125:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2017-02-06 13:41:57,667:WARNING:certbot.plugins.util:Failed to find apachectl in PATH: /usr/local/nginx/sbin:/usr/local/php/bin:/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
2017-02-06 13:41:57,667:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#apache): Cannot find Apache control command apachectl
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/plugins/disco.py”, line 114, in prepare
self._initialized.prepare()
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot_apache/configurator.py”, line 169, in prepare
’Cannot find Apache control command {0}’.format(restart_cmd))
NoInstallationError: Cannot find Apache control command apachectl
2017-02-06 13:41:57,700:DEBUG:certbot.plugins.selection:Multiple candidate plugins: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x35f8150>
Prep: True

  • standalone
    Description: Spin up a temporary webserver
    Interfaces: IAuthenticator, IPlugin
    Entry point: standalone = certbot.plugins.standalone:Authenticator
    Initialized: <certbot.plugins.standalone.Authenticator object at 0x35f8210>
    Prep: True
    2017-02-06 13:42:08,356:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x35f8150> and installer None
    2017-02-06 13:42:08,450:DEBUG:certbot.main:Picked account: <Account(0b431fb98a33898abefe6cd3b0ea2154)>
    2017-02-06 13:42:08,451:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
    2017-02-06 13:42:08,574:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    2017-02-06 13:42:15,867:DEBUG:certbot.main:Exiting abnormally:
    Traceback (most recent call last):
    File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
    sys.exit(main())
    File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py”, line 882, in main
    return config.func(config, plugins)
    File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py”, line 654, in obtain_cert
    le_client = _init_le_client(config, auth, installer)
    File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py”, line 407, in _init_le_client
    return client.Client(config, acc, authenticator, installer, acme=acme)
    File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/client.py”, line 202, in init
    acme = acme_from_config_key(config, self.account.key)
    File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/client.py”, line 42, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
    File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/acme/client.py”, line 69, in init
    self.net.get(directory).json())
    File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/acme/client.py”, line 657, in get
    self._send_request(‘GET’, url, **kwargs), content_type=content_type)
    File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/acme/client.py”, line 630, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
    File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/requests/sessions.py”, line 488, in request
    resp = self.send(prep, **send_kwargs)
    File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/requests/sessions.py”, line 609, in send
    r = adapter.send(request, **kwargs)
    File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/requests/adapters.py”, line 487, in send
    raise ConnectionError(e, request=request)
    ConnectionError: HTTPSConnectionPool(host=‘acme-v01.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x366aa50>: Failed to establish a new connection: [Errno 110] Connection timed out’,))

#2

First of all if you read the log it’s complaining about not finding Apache and you are running Nginx. Secondly your command can not only be ./certbot-auto certonly your command needs to specify all sorts of things like this

sudo ./certbot-auto --nginx --agree-tos --rsa-key-size 4096 -m youremail@wherever.com -d yourdomain.com -d www.yourdomain.com --renew-by-default

If you have problems with that and Nginx then Nginx needs to be configured to allow access to .well-known to run it’s acme challenge.


#3

Thank you for your reply,I tried the command you provided,I found the problem really is in Nginx
It produced this output:DeprecationWarning Saving debug log to /var/log/letsencrypt/letsencrypt.log /root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py:601: DeprecationWarning: BaseException.message has been deprecated as of Python 2.6 return e.message The nginx plugin is not working; there may be problems with your existing configuration. The error was: NoInstallationError()

It seems I need to configure what Nginx


#4

There is also the need to improve the version of Python, but this does not prevent me from obtaining SSL certificate, because I was manually complete the certificate


#5

Getting certbot to play with Nginx can be tricky at first. If you are not sure right now of what to do and only need one certificate then just stop Nginx, generate the certificate using the standalone authenticator and the restart Nginx and manually put the certificate files and ssl settings into your host file.

So you can do

sudo service Nginx stop

sudo ./certbot-auto certonly --standalone --agree-tos --rsa-key-size 4096 -m youremail@wherever.com -d yourdomain.com -d www.yourdomain.com --renew-by-default

Sudo service Nginx restart

Look at some of my other posts, for sample Nginx configuration including all the correct ssl settings and ciphers


#6

Perhaps my cdn there is a problem, because 443 ports can not link.
After I enter the order you have provided the following code again:
An unexpected error occurred: ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x33c8ad0>: Failed to establish a new connection: [Errno 110] Connection timed out',)) Please see the logfiles in /var/log/letsencrypt for more details.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.