I am running certbot in an environment with proxy internet access in manual mode. This works when setting https_proxy, except for the OCSP check, which fails with the following error:
OCSP check failed for /etc/letsencrypt/archive/***/cert1.pem (are we offline?)
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/ocsp.py", line 188, in _check_ocsp_cryptography
    timeout=timeout)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/api.py", line 119, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
ConnectionError: HTTPConnectionPool(host='ocsp.int-x3.letsencrypt.org', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f1c5f121110>: Failed to establish a new connection: [Errno 101] Network is unreachable',))
I assume the network connection to the OCSP server is done without using the configured proxy so that it is unreachable. The certificate is still generated because all other connections work.
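
The traceback shows the OCSP request going through requests to a plain-HTTP URL on port 80, and requests picks the environment proxy by URL scheme, so https_proxy alone does not cover it. The following is an added example, not code from the post or from certbot, that reproduces that selection with the standard-library helpers that read the same variables; the proxy address and the HTTPS URL are constructed placeholders.

```python
import os
from unittest import mock
from urllib.parse import urlsplit
from urllib.request import getproxies_environment, proxy_bypass_environment

# Host taken from the traceback above: the OCSP responder is plain HTTP on port 80.
OCSP_URL = "http://ocsp.int-x3.letsencrypt.org/"
# Constructed placeholders: an HTTPS endpoint and a hypothetical proxy address.
ACME_URL = "https://acme.example.invalid/directory"
PROXY = "http://proxy.example.internal:3128"


def proxy_for(url, env):
    """Return the proxy an environment-driven HTTP client would use for url,
    or None for a direct connection. Selection is by URL scheme, then all_proxy."""
    with mock.patch.dict(os.environ, env, clear=True):
        proxies = getproxies_environment()  # e.g. {'https': ..., 'http': ..., 'no': ...}
        parts = urlsplit(url)
        if proxy_bypass_environment(parts.hostname, proxies):
            return None  # host is excluded through no_proxy
        return proxies.get(parts.scheme) or proxies.get("all")


def report(env):
    """Map each sample URL to 'direct' or the chosen proxy for a given environment."""
    return {u: proxy_for(u, env) or "direct" for u in (ACME_URL, OCSP_URL)}


if __name__ == "__main__":
    cases = [
        ("https_proxy only", {"https_proxy": PROXY}),
        ("http_proxy and https_proxy", {"https_proxy": PROXY, "http_proxy": PROXY}),
    ]
    for label, env in cases:
        print(label)
        for url, route in report(env).items():
            print("  %-45s -> %s" % (url, route))
```

With only https_proxy set, the OCSP URL resolves to a direct connection, which matches the "Network is unreachable" error on a host without direct internet access.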