Max retries exceeded with -

I managed to create a certificate using letsencrypt-auto yesterday, without issues on my Ubuntu 14.04 server. I need to generate another one, and using the following command as root:

letsencrupt-auto certonly --standalone

After quite a while, I get the following error:

An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host=‘’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fa079e9a810>: Failed to establish a new connection: [Errno 101] Network is unreachable’,))

Here’s the full output from /var/log/letsencrypt/letsencrypt.log

2016-02-12 08:19:18,750:DEBUG:letsencrypt.cli:Root logging level set at 30
2016-02-12 08:19:18,750:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-02-12 08:19:18,751:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.0
2016-02-12 08:19:18,751:DEBUG:letsencrypt.cli:Arguments: [’–no-self-upgrade’, ‘–standalone’, ‘-d’, ‘’, ‘-d’, ‘’]
2016-02-12 08:19:18,751:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-02-12 08:19:18,759:DEBUG:letsencrypt.cli:Requested authenticator standalone and installer None
2016-02-12 08:19:19,733:DEBUG:letsencrypt.display.ops:Single candidate plugin: * standalone
Description: Automatically use a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = letsencrypt.plugins.standalone:Authenticator
Initialized: <letsencrypt.plugins.standalone.Authenticator object at 0x7f69e96d8850>
Prep: True
2016-02-12 08:19:19,734:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.standalone.Authenticator object at 0x7f69e96d8850> and installer None
2016-02-12 08:19:19,781:DEBUG:letsencrypt.cli:Picked account: <Account(365591a7b0ea8771459c189d7421be32)>
2016-02-12 08:19:19,781:DEBUG:root:Sending GET request to args: (), kwargs: {}
2016-02-12 08:19:19,802:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1):
2016-02-12 08:21:27,218:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 1987, in main
return config.func(config, plugins)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 690, in obtain_cert
le_client = _init_le_client(config, authenticator, installer)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 213, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 183, in init
acme = acme_from_config_key(config, self.account.key)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/”, line 41, in acme_from_config_key
return acme_client.Client(config.server, key=key, net=net)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/”, line 63, in init
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/”, line 619, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/”, line 601, in _send_request
response = requests.request(method, url, *args, **kwargs)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/requests/”, line 53, in request
return session.request(method=method, url=url, **kwargs)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/requests/”, line 468, in request
resp = self.send(prep, **send_kwargs)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/requests/”, line 576, in send
r = adapter.send(request, **kwargs)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/requests/”, line 437, in send
raise ConnectionError(e, request=request)
ConnectionError: HTTPSConnectionPool(host=‘’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f69e9669890>: Failed to establish a new connection: [Errno 101] Network is unreachable’,))

I tried disabling my firewall, but still getting the same issue. Any idea what could be wrong?

1 Like

Just decided to give this a retry, since this morning. And still having this issue, not sure why this is happening?

Ok, so just removed letsencrypt along with /etc/letsencrypt, and it’s getting past the line that says “Requesting root privileges to run letsencrypt…” Is this happening because I was trying to generate a second certificate on my server for another domain?

Still stuck, I’ve generated one cert on my server, and since then, running

letsencrypt-auto certonly --standalone

doesn’t work. Still getting the HTTPSConnectionPool error.

Can you try a traceroute to

And simple telnet 443?

This doesn’t seem related, but there is no DNS record for the www. version of the name you were requesting (but that ought to produce a different error later on in the process).

1 Like

Thanks for the reply @schoen. I ran a traceroute and got the following:

1?: [LOCALHOST] pmtu 1500
1: 0.993ms
1: 0.633ms
2: 24.008ms
3: 3.864ms
4: 0.667ms asymm 5
5: 7.611ms
6: 182.145ms asymm 21
7:– 18.973ms
8: 179.409ms asymm 18
9: LO-MTN-MSE-PE-01– 164.485ms
10: 162.531ms
11: 174.939ms
12: 183.076ms
13: 181.229ms
14: 262.443ms
15: 283.589ms
16: 309.358ms
17: 337.634ms asymm 15
18: 371.439ms asymm 16
19: 374.452ms asymm 17
20: 374.647ms asymm 18
21: 381.487ms asymm 19
22: 384.603ms reached
Resume: pmtu 1500 hops 22 back 20

telnet 443

Connected to
Escape character is ‘^]’.

I tried entirely deleting the /etc/letsencrypt folder, to attempt starting from scratch, doesn’t work either. Did a git reset --hard on the letsencrypt repo as well, and with no success…

All I want to is regenerate the certificate, as I need to add more domains to it

Ok, for some reason, after running traceroute and telnet, I was able to generate a new certificate!

I’m currently having the same problem from a Linode in Atlanta. My Linode in New Jersey is working fine.

DNS info:

# host is an alias for is an alias for has address has IPv6 address 2600:1402:a:29f::3d5 has IPv6 address 2600:1402:a:2a2::3d5

And a raw test:

# curl
curl: (7) Failed to connect to port 443: Connection refused

(The working node gets a different address from the DNS, so this looks like a node failure…)

Hello guys, I have same problem. It seem that address is blocked for my IP.

Here is error:
Checking for new version... Requesting root privileges to run certbot... /root/.local/share/letsencrypt/bin/letsencrypt certonly --config /etc/letsencrypt/lecli.ini -d -d An unexpected error occurred: ConnectionError: HTTPSConnectionPool(host='', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x2732410>: Failed to establish a new connection: [Errno 101] Network is unreachable',)) Please see the logfiles in /var/log/letsencrypt for more details.
DNS and ping work from the server, I cant only reach port 443. IMHO it is looks like that IP is banned. From other servers everything works fine.

[root@anniebabymonitor letsencrypt]# host is an alias for is an alias for has address has IPv6 address 2a02:26f0:10e:185::3d5 has IPv6 address 2a02:26f0:10e:1a0::3d5
[root@anniebabymonitor letsencrypt]# ^C
[root@anniebabymonitor letsencrypt]# ping
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=57 time=9.50 ms
64 bytes from ( icmp_seq=2 ttl=57 time=9.59 ms
64 bytes from ( icmp_seq=3 ttl=57 time=10.0 ms
^C ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 9.507/9.725/10.079/0.264 ms

@funko Have you check your outbound firewall rules + logs to make sure you arent blocking it? Have you watched your firewall logs when you make the request?

Same issue on Ubuntu 16.04.

# traceroute -n -p 443
traceroute to (, 30 hops max, 60 byte packets
 1  0.236 ms  0.183 ms  0.251 ms
 2  0.454 ms  0.488 ms  0.429 ms
 3  30.019 ms  29.962 ms  29.819 ms
 4  16.020 ms  15.951 ms  16.239 ms
 5  186.439 ms  187.689 ms  186.466 ms
 6  192.581 ms  192.402 ms  192.524 ms
 7  254.194 ms  253.876 ms  254.047 ms
 8  217.344 ms  218.168 ms  218.096 ms
 9  215.266 ms  215.478 ms  215.416 ms
10  216.894 ms  219.635 ms  219.541 ms
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Same issue on ubuntu 16.04 on digital ocean. Running “curl” seemed to fix it…

I’m also having these problem on Ubuntu Server 16.10. Curling the site didn’t help for me, and traceroute -p 443 just leaves me in stars. :confused:

Come to think about it… That doesn’t work on port 443 for either. It does however work with the -Tflag (TCP ACKs on), so maybe it just can’t/won’t do ICMP over SSL? With -T I can successfully traceroute -p 443 -T.

EDIT: or just plain traceroute 443 works.

I follow your steps,and do the same,it doesn’t work.
Then ,after I run curl,I try again, the problem is gone.
I don’t know hte reasion.