I'm struggling with creating a certificate on a ubuntu 14.04
virtual machine in a private cloud, though I was able to do so on a
separate VM in the same cloud a week ago. The error I'm getting when
trying to run "./letsencrypt-auto certonly --standalone -d myfqdn" is
ConnectionError:
HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fa3c6535e90>: Failed to establish a new connection: [Errno 101] Network is unreachable',))
The private cloud uses a proxy server which I can reflect in the
https_proxy=myproxyurl environment variable and when I do so I can
successfully curl the implied link:
ubuntu@proxy01:~$ curl https://acme-v01.api.letsencrypt.org/directory
{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}
I can also retrieve the url from within python using urllib2 which
I suppose therefore must refer to the environment variable but not
with urllib3 which needs to be explicitly told about the proxy:
ubuntu@proxy01:~$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
url = 'https://acme-v01.api.letsencrypt.org/directory'
import urllib2
res2 = urllib2.urlopen(url)
res2.read()
'{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
import urllib3
http = urllib3.PoolManager()
res3 = http.request('GET', url)
This line hangs - it needs to be explicitly told about the proxy server, i.e.
http = urllib3.ProxyManager(myproxyurl)
res3 = http.request('GET', url)
res3.data
'{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
Noticing that the error I'm getting when I try and create my certificate is from
urllib3 and involves the request timing out I wonder if I need to indicate the proxy settings somehow when I generate. I
am confused however, the server on which I have been able to create
certificates is running the same operating system and letsencrypt
version. Or maybe its something else completely and I need nudging in a different direction. Any help would be much appreciated.