Is it possible to have actual server status?

Theo · December 14, 2017, 12:40pm

My domain: claudiamuller.com

I ran this command: certbot certonly --manual

It produced this output: Read timed out

My web server: Apache 2.4.29

The operating system my web server runs on: Ubuntu 16.04

My hosting provider: pair.com (shared)

I can login to a root shell on my machine: no

control panel: proprietary

I’m on a shared host, and they have not yet made available certbot. So I gotta face those manual challenges.
I’m trying to renew 10 domains, so it’s actually quite challenging. Problem is, I’m trying to do it since yesterday, and always have the same time out error.
The status page < https://letsencrypt.status.io/ > was updated 18 hours ago, so it’s not useful. Is there a way I can check the servers to be sure it’s worth trying the challenges?

Osiris · December 14, 2017, 12:45pm

You can be reasonably sure the status page is up to date. The mentioning of “updated 18 hours ago” doesn’t mean it has no clue about the status the last 18 hours, but was the most recent thing that happened. In this case a scheduled maintanance.

As there are millions of Let’s Encrypt certificates out there, any global outage or error will be noticed quickly enough.

Perhaps some more log info of your renewal attempt can be helpful in figuring out the problem.

Theo · December 14, 2017, 12:47pm

Thanks for such a quick help, Osiris.
Here’s the error:

Waiting for verification…
An unexpected error occurred:
ReadTimeout: HTTPSConnectionPool(host=‘acme-v01.api.letsencrypt.org’, port=443): Read timed out. (read timeout=45)

Any hint?

bytecamp · December 14, 2017, 12:52pm

Are you sure you can deploy any certificates by yourself on that host? You must have some administrative access to the underlying webserver software or a control panel which lets you import certificates, otherwise chances are low.

Osiris · December 14, 2017, 12:52pm

Could you please paste the full log? I’m interested if your client can do some but not all connections to acme-v01.api.letsencrypt.org.

The fact it’s waiting for verification seems to mean some connection is possible, but for some reason not every connection. Might have to do with MTU issues perhaps?

Theo · December 14, 2017, 12:56pm

Sorry, don’t know what are MTU issues.
Here is what I hope is the relevant log:

2017-12-14 12:25:17,342:INFO:certbot.auth_handler:Waiting for verification…
2017-12-14 12:25:17,342:DEBUG:acme.client:JWS payload:
{
“keyAuthorization”: “kpJw-S9olvkNnOvqEWlDPFN4OoCXTbvqB8-EzWBJX6A.iJQqAqqI7duuD82Wf5EW2ojenF0aDaznYmID9PVNvhY”,
“type”: “http-01”,
“resource”: “challenge”
}
2017-12-14 12:25:17,352:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/1efdXRu2VtQRrPrhDJVR74atJSqcBznwXq82jmgDtzA/2732711736:
{
“protected”: “eyJub25jZSI6ICJLNmdkUXg0UERpWW5MQi1WM2lNeUZUaTdYRElDWGwzcno4SC10c2kzaUhnIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiLUM3dnJjRXVZMmpCdVZhbmFJWlBhSXROaTR6V1N3QlNNWHZiNFRyOUZ2eE84NC1yTVpuUjM0akp6TUVLd1lST3JzWFVzUTFVc09PUEEzaDhDRlhubDlzaU41WmllZUNfQk5vd1pqVElSdXJNRWowQWxaTWpBb3duQUFKWTMwRFZDZnhfMXY3U09ndnEtM0FpeGhyOHFWTjg5RGc5eWthWmIwZXhCLW1qLXIwYUNiRmJMZlZ0bnBvcDQxMW83U0J2UTBzYkowWG41U2tXVmU5eHV1TURaNlluckh5UTFMWEJtMDFtbWg4N1B1a0MzTmxxRk5PSkF2ZDFERDZVLW80SXdnN3UybGEtU3FaNEZtQWktYXJONm9nd3Nnd1JleUdRN2tYZ0ZLRjVvNUZBMVV6U1VPaTloT3U2WHBkelBlbmVkMEhIZHZQXzU0ZkxKZmVSTmFYaVJRIn19”,
“payload”: “ewogICJrZXlBdXRob3JpemF0aW9uIjogImtwSnctUzlvbHZrTm5PdnFFV2xEUEZONE9vQ1hUYnZxQjgtRXpXQkpYNkEuaUpRcUFxcUk3ZHV1RDgyV2Y1RVcyb2plbkYwYURhem5ZbUlEOVBWTnZoWSIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “qxMbIACV6JLDb8sl1omaRQSQPqG_VLxVGzantx0OJB8RBxK4lCWhO2SodNKbomVpeEf-w_38FcDhlziZqO6dk2emmJbekXdmaEcLdlLVbyCidO1D8TV4Wwc0tWWlP-VnBGAynajjPDOg59_7GWEueAT_gJbKnq4lkgGoQAZslfPhUKQ6nNQGWsqxG7UaVDFf5nCNivAMGBLiEwui8UsU3YCL-eo1_h_gWwxs_4PgjjrfZlC7CLrCuDDAEHwrRERoDg9cNvwy9BjpCktRVXz9OYUQYmTS34iWVUBAgzV0XoO3NEaImTGWSgcKkZp0d-_DloyqKmEibknyYlghF7Fv2w”
}
2017-12-14 12:26:02,402:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.19.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 861, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 786, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python2.7/dist-packages/certbot/main.py”, line 80, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/usr/lib/python2.7/dist-packages/certbot/renewal.py”, line 297, in renew_cert
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File “/usr/lib/python2.7/dist-packages/certbot/client.py”, line 318, in obtain_certificate
self.config.allow_subset_of_names)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 81, in get_authorizations
self._respond(resp, best_effort)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 134, in _respond
resp, chall_update)
File “/usr/lib/python2.7/dist-packages/certbot/auth_handler.py”, line 158, in _send_responses
self.acme.answer_challenge(achall.challb, resp)
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 229, in answer_challenge
response = self.net.post(challb.uri, response)
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 682, in post
return self._post_once(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 693, in _post_once
response = self._send_request(‘POST’, url, data=data, **kwargs)
File “/usr/lib/python2.7/dist-packages/acme/client.py”, line 627, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File “/usr/lib/python2.7/dist-packages/requests/sessions.py”, line 502, in request
resp = self.send(prep, **send_kwargs)
File “/usr/lib/python2.7/dist-packages/requests/sessions.py”, line 612, in send
r = adapter.send(request, **kwargs)
File “/usr/lib/python2.7/dist-packages/requests/adapters.py”, line 516, in send
raise ReadTimeout(e, request=request)
ReadTimeout: HTTPSConnectionPool(host=‘acme-v01.api.letsencrypt.org’, port=443): Read timed out. (read timeout=45)
2017-12-14 12:26:02,408:ERROR:certbot.log:An unexpected error occurred:

Theo · December 14, 2017, 12:58pm

@bytecamp - Yes, I have done it before. As far as I could figure, this is my only option: to generate the cert with the manual challenges, then ask my hosting to set it up.

Theo · December 14, 2017, 2:30pm

I’ve just tried it again, with no changes, but now it worked.
No idea what happened, but thanks for the help.

system · January 13, 2018, 2:30pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45) Help	2	891	September 21, 2022
ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443) Help	31	24791	May 19, 2017
Acme-v02.api.letsencrypt.org - Read timed out Help	3	1698	January 8, 2022
Certbot - HTTPSConnectionPool Client Timing Out when Trying to Reach Let's Encrypt Help	8	1910	October 12, 2017
Certificate Request with Certbot timing out Help	35	4014	November 28, 2018

Is it possible to have actual server status?

Related topics