Max retries exceeded with url: /directory

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ama-test.clarity-tec.com

I ran this command: docker-compose run --rm --entrypoint "
certbot certonly --webroot -w /var/www/certbot
$staging_arg
$email_arg
$domain_args
--rsa-key-size $rsa_key_size
--agree-tos
--force-renewal" certbot

It produced this output: requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7ff447a3a6b0>, 'Connection to acme-v02.api.letsencrypt.org timed out. (connect timeout=45)'))

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 22.04 Jammy

My hosting provider, if applicable, is: Hetzner

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Please see Rate Limits - Let's Encrypt and Failed Validation Limit - Let's Encrypt

2 Likes

Currently ama-test.clarity-tec.com is serving a certificate for

Common Name: 	ama-demo.clarity-tec.com
SANs: 			DNS:ama-demo.clarity-tec.com
				Total number of SANs: 1

See here for details https://decoder.link/sslchecker/ama-test.clarity-tec.com/443

1 Like

Both ama-test.clarity-tec.com and ama-demo.clarity-tec.com resolve to the same IPv4 Address 136.243.94.161

$ nslookup ama-test.clarity-tec.com ns3.stratoserver.net.
Server:         ns3.stratoserver.net.
Address:        185.132.34.159#53

Name:   ama-test.clarity-tec.com
Address: 136.243.94.161
$ nslookup ama-demo.clarity-tec.com ns3.stratoserver.net.
Server:         ns3.stratoserver.net.
Address:        185.132.34.159#53

Name:   ama-demo.clarity-tec.com
Address: 136.243.94.161

1 Like

Why?

3 Likes

Hey! :slight_smile:

Thank you very much for your messages. I worked around the problem by creating the certificates outside my Docker environment and loading them inside the volumes. That's why you see the certificates created... It works wonderfully. However, my real problem was that the error occurred after I tried to generate the certificates inside Docker containers (certbot -> nginx). I can reach both letsencrypt (ping), the DNS seems to work and the firewall was enabled for 443 / 80... I had suspected that I may have run into rate limiting with my IP. However... I give up and now use the working workaround outside the Docker network :slight_smile: Thanks anyway for dealing with my problem.

2 Likes

Outbound? From the docker container?
Does the container have access to DNS?

3 Likes
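The questions in the last reply (outbound access and DNS from inside the container) can be checked one stage at a time. The script below is an added example, not part of the original thread; the function name `probe` and its stage labels are assumptions of this example. A connect timeout like the one in the posted output corresponds to the `tcp` stage, which fails before any HTTP response, where a rate-limit error would arrive, can be received.

```python
import socket
import ssl

ACME_HOST = "acme-v02.api.letsencrypt.org"  # host named in the error output

def probe(host=ACME_HOST, port=443, timeout=10.0):
    """Return (stage, detail) for the first failing stage, or ("ok", status)."""
    # Stage 1: DNS, using the resolver this container is configured with.
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)
    # Stage 2: outbound TCP. A successful ICMP ping does not exercise this.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp", "connect timed out (packets dropped on the way out or back)"
    except OSError as exc:
        return "tcp", str(exc)
    with sock:
        # Stage 3: TLS handshake with normal certificate verification.
        try:
            tls = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            return "tls", str(exc)
        with tls:
            # Stage 4: HTTP. An ACME rate limit would show up here as a response.
            request = f"GET /directory HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            try:
                tls.sendall(request.encode("ascii"))
                status = tls.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
            except OSError as exc:
                return "http", str(exc)
            return ("ok" if " 200" in status else "http"), status

if __name__ == "__main__":
    stage, detail = probe()
    print(f"{stage}: {detail}")
```

Run it with the Python interpreter inside the certbot container rather than on the host, so that it uses the container's resolver and network path.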
