Max retries exceeded from the March 4 force-renewal bug

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
./certbot-auto certonly --force-renewal --manual --preferred-challenges=dns --email user@site.com --server https://acme-v02.api.letsencryp.org/directory --agree-tos -d *.domain.com -d domain.com

It produced this output:

Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/urllib3/connection.py”, line 157, in _new_conn
(self._dns_host, self.port), self.timeout, **extra_kw
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/urllib3/util/connection.py”, line 61, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File “/opt/rh/rh-python36/root/usr/lib64/python3.6/socket.py”, line 745, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/urllib3/connectionpool.py”, line 672, in urlopen
chunked=chunked,
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/urllib3/connectionpool.py”, line 376, in _make_request
self._validate_conn(conn)
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/urllib3/connectionpool.py”, line 994, in _validate_conn
conn.connect()
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/urllib3/connection.py”, line 300, in connect
conn = self._new_conn()
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/urllib3/connection.py”, line 169, in _new_conn
self, “Failed to establish a new connection: %s” % e
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7f0117f5c9e8>: Failed to establish a new connection: [Errno -2] Name or service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/requests/adapters.py”, line 449, in send
timeout=timeout
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/urllib3/connectionpool.py”, line 720, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File “/opt/eff.org/certbot/venv/lib64/python3.6/site-packages/urllib3/util/retry.py”, line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host=‘acme-v02.api.letsencryp.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<urllib3.connection.VerifiedHTTPSConnection object at 0x7f0117f5c9e8>: Failed to establish a new connection: [Errno -2] Name or service not known’,))

During handling of the above exception, another exception occurred:

requests.exceptions.ConnectionError: HTTPSConnectionPool(host=‘acme-v02.api.letsencryp.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<urllib3.connection.VerifiedHTTPSConnection object at 0x7f0117f5c9e8>: Failed to establish a new connection: [Errno -2] Name or service not known’,))

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.2.0

1 Like

Hi @letsgochamp

looks like your server can’t talk with Letsencrypt.

Or your local dns service doesn’t work.

What says

ping acme-v02.api.letsencrypt.org
tracert acme-v02.api.letsencrypt.org

(or traceroute)

same with google.com etc.

curl https://acme-v02.api.letsencrypt.org/
3 Likes

Sorry, I fixed my issue. I missed a ‘t’ on letsencryp.org

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.