Ejecuté este comando: certbot --nginx -d mail.tsswireless.xyz
Produjo esta salida: Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Mi servidor web es: Dell Inc. OptiPlex 3010
El sistema operativo en el que se ejecuta mi servidor web es: AlmaLinux 9.1 (Lime Lynx)
Puedo iniciar una sesión en una shell root en mi servidor : sí
Estoy usando un panel de control para administrar mi sitio: no
La versión de mi cliente es: certbot 2.5.0
I can read the answers in English: yes
My domain is: mail.tsswireless.xyz
I ran this command: certbot --nginx -d mail.tsswireless.xyz
It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is: Dell Inc. OptiPlex 3010
The operating system my web server is running on is: AlmaLinux 9.1 (Lime Lynx)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/bin/certbot", line 8, in
sys.exit(main())
File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1864, in main
return config.func(config, plugins)
File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1440, in run
le_client = _init_le_client(config, authenticator, installer)
File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 835, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 297, in init
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 72, in acme_from_config_key
directory = acme_client.ClientV2.get_directory(config.server, net)
File "/usr/lib/python3.9/site-packages/acme/client.py", line 331, in get_directory
return messages.Directory.from_json(net.get(url).json())
File "/usr/lib/python3.9/site-packages/acme/client.py", line 706, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python3.9/site-packages/acme/client.py", line 670, in _send_request
raise ValueError(f"Requesting {host}{path}:{err_msg}")
ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable
2023-06-24 19:22:17,612:ERROR:certbot._internal.log:An unexpected error occurred:
2023-06-24 19:22:17,612:ERROR:certbot._internal.log:ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable
There is also a Spanish specific subsection to Help, you may find that helpful to in letting the Let's Encrypt community volunteers to know to use something like google translate
curl -4 ifconfig.co: curl: (7) Failed to connect to ifconfig.co port 80: There is no route to the `host'
curl -6 ifconfig.co: curl: (7) Couldn't connect to server
I think this is more likely a network config problem affecting outbound connections. And, not so much DNS resolver. You could just try dig letsencrypt.org
@Bruce5051 Note HTTP connections to the Let's Encrypt ACME API endpoint always fail because it only supports HTTPS. Something to watch for as you continue to debug
Check if your router has a VPN installed and active. If yes, then temporarily turn it off and try again. If this works and you have the new ssl.conf files then turn the VPN back on.
Hello everyone, I managed to solve the first error of could not reach acme-v02.api.letsencrypt.org/directory due to a wrong configuration of public networks in my router.
As for the ports, they are filtered because I only have a public IP and certain router services, apart from those used by my server, are exposed to the Internet.
What does leave me in doubt that I have configured the letsencrypt certificates with my mail server but I don't know why the expired certificate appears on port 587, I don't know if this is any configuration; I currently use potfix + dovecot
If you copied the certificates from /etc/letsencrypt/live into some other location, you have to repeat that on every renewal, as the content of the certificate and key will change every time. You can script that with the --deploy-hook option.
After a long reading of documentation in forums I found the causes of my connection problems and then everything shared in this thread helped me to solve the problem thanks to everyone
