Nginx Ubuntu 18.04

Just spun up this server yesterday on Linode. We’ve had issues getting Letsencrypt up and running since the start so the current MaxRetryError is just the last in a series. We’re not having issues with install or operations on our other servers with Letsencrypt. We used https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx for install instructions.

My domain is:
staging1.vividiridium.com

I ran this command:
sudo certbot --nginx

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): --redacted–
Certificate did not match expected hostname: acme-v02.api.letsencrypt.org. Certificate: {‘subject’: (((‘countryName’, ‘US’),), ((‘stateOrProvinceName’, ‘Texas’),), ((‘localityName’, ‘Fort Worth’),), ((‘jurisdictionCountryName’, ‘US’),), ((‘jurisdictionStateOrProvinceName’, ‘Delaware’),), ((‘organizationName’, ‘American Airlines Inc’),), ((‘businessCategory’, ‘Private Organization’),), ((‘serialNumber’, ‘0332421’),), ((‘commonName’, ‘av.aa.com’),)), ‘issuer’: (((‘countryName’, ‘US’),), ((‘organizationName’, ‘Entrust, Inc.’),), ((‘organizationalUnitName’, ‘See www.entrust.net/legal-terms’),), ((‘organizationalUnitName’, ‘© 2014 Entrust, Inc. - for authorized use only’),), ((‘commonName’, ‘Entrust Certification Authority - L1M’),)), ‘version’: 3, ‘serialNumber’: ‘5EDEDE15D8622B120000000054D0C24A’, ‘notBefore’: ‘Jan 13 16:25:04 2020 GMT’, ‘notAfter’: ‘Jan 13 16:55:04 2022 GMT’, ‘subjectAltName’: ((‘DNS’, ‘av.aa.com’), (‘DNS’, ‘www.simplymiles.com’), (‘DNS’, ‘simplymiles.com’), (‘DNS’, ‘resagent.aa.com’), (‘DNS’, ‘asguard.aa.com’)), ‘OCSP’: (‘http://ocsp.entrust.net’,), ‘caIssuers’: (‘http://aia.entrust.net/l1m-chain256.cer’,), ‘crlDistributionPoints’: (‘http://crl.entrust.net/level1m.crl’,)}
An unexpected error occurred:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 601, in urlopen
chunked=chunked)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 346, in _make_request
self._validate_conn(conn)
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 852, in _validate_conn
conn.connect()
File “/usr/lib/python3/dist-packages/urllib3/connection.py”, line 346, in connect
_match_hostname(cert, self.assert_hostname or hostname)
File “/usr/lib/python3/dist-packages/urllib3/connection.py”, line 356, in _match_hostname
match_hostname(cert, asserted_hostname)
File “/usr/lib/python3.6/ssl.py”, line 327, in match_hostname
% (hostname, ', '.join(map(repr, dnsnames))))
ssl.CertificateError: hostname ‘acme-v02.api.letsencrypt.org’ doesn’t match either of ‘av.aa.com’, ‘www.simplymiles.com’, ‘simplymiles.com’, ‘resagent.aa.com’, ‘asguard.aa.com

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/requests/adapters.py”, line 440, in send
timeout=timeout
File “/usr/lib/python3/dist-packages/urllib3/connectionpool.py”, line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File “/usr/lib/python3/dist-packages/urllib3/util/retry.py”, line 398, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by SSLError(CertificateError(“hostname ‘acme-v02.api.letsencrypt.org’ doesn’t match either of ‘av.aa.com’, ‘www.simplymiles.com’, ‘simplymiles.com’, ‘resagent.aa.com’, ‘asguard.aa.com’”,),))

During handling of the above exception, another exception occurred:

requests.exceptions.SSLError: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by SSLError(CertificateError(“hostname ‘acme-v02.api.letsencrypt.org’ doesn’t match either of ‘av.aa.com’, ‘www.simplymiles.com’, ‘simplymiles.com’, ‘resagent.aa.com’, ‘asguard.aa.com’”,),))
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version):
nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:
self

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

Hi @iridiumdigital

Your error says: you have a hardcoded IP address in your hosts file.

That's an Akamai address, but Letsencrypt has switched.

Remove that entry.
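
One way to check for the hosts-file override described in the reply above, as an added example that is not part of the original thread. The function names and the sample hosts file are constructed for illustration, and 203.0.113.10 is a documentation address, not the one from this server.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list hosts-file entries that pin a
# hostname to a fixed IP, bypassing DNS for that name.

# pinned_entries HOSTS_FILE HOSTNAME
# Prints "LINE_NUMBER IP" for each active entry that names HOSTNAME.
pinned_entries() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/#.*/, "")                 # drop comments; awk re-splits fields
            for (i = 2; i <= NF; i++)      # field 1 is the IP, the rest are names
                if (tolower($i) == want) { print NR, $1; break }
        }
    ' "$1"
}

# Constructed sample hosts file (hypothetical contents).
make_sample_hosts() {
    cat <<'EOF'
127.0.0.1   localhost
# 198.51.100.7 acme-v02.api.letsencrypt.org   (commented out, inactive)
203.0.113.10 mirror.example ACME-v02.api.letsencrypt.org  # old pin
::1         ip6-localhost ip6-loopback
EOF
}

# Default to the sample; pass /etc/hosts as $1 to check a real machine.
hosts_file="${1:-}"
if [ -z "$hosts_file" ]; then
    hosts_file="$(mktemp)"
    make_sample_hosts > "$hosts_file"
fi

found="$(pinned_entries "$hosts_file" acme-v02.api.letsencrypt.org)"
if [ -n "$found" ]; then
    echo "hosts file overrides DNS for acme-v02.api.letsencrypt.org (line, IP):"
    echo "$found"
else
    echo "no hosts-file override for acme-v02.api.letsencrypt.org"
fi
```

On a live system, `getent hosts NAME` honours the hosts file while `dig +short NAME` queries DNS directly, so differing answers from the two confirm that a pinned entry is in effect.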

Thanks Juergen. That was part of it, but we still get timeout issues when we enter our admin email.

We trashed that server and spun up a new fresh one and everything went normal this time.
