Problema de conexión / connection problem

Puedo leer las respuestas en Inglés: sí

Mi dominio es:

Ejecuté este comando: certbot --nginx -d

Produjo esta salida: Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
ValueError: Requesting Network is unreachable
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Mi servidor web es: Dell Inc. OptiPlex 3010

El sistema operativo en el que se ejecuta mi servidor web es: AlmaLinux 9.1 (Lime Lynx)

Puedo iniciar una sesión en una shell root en mi servidor : sí

Estoy usando un panel de control para administrar mi sitio: no

La versión de mi cliente es: certbot 2.5.0

I can read the answers in English: yes

My domain is:

I ran this command: certbot --nginx -d

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
ValueError: Requesting Network is unreachable
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is: Dell Inc. OptiPlex 3010

The operating system my web server is running on is: AlmaLinux 9.1 (Lime Lynx)

I can log in to a root shell on my server : yes

I am using a control panel to manage my site: no

My client version is: certbot 2.5.0

Hello @, welcome to the Let's Encrypt community. :slightly_smiling_face:

$ curl -Ii
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Sun, 25 Jun 2023 00:49:04 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
$ curl -Ii
HTTP/1.1 403 Forbidden
Server: nginx/1.20.1
Date: Sun, 25 Jun 2023 00:49:08 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

Your server is returning 403 Forbidden - HTTP | MDN
When it should be returning 404 Not Found - HTTP | MDN

You can find general nginx information you might find nginx documentation and .

Port 443 certificate is fine
Edit using this certificate | 9453340096

Port 465 certificate has expired
Edit using this certificate | 8953137307

Also please attach the

1 Like

My letsencrypt.log

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/bin/certbot", line 8, in
File "/usr/lib/python3.9/site-packages/certbot/", line 19, in main
return internal_main.main(cli_args)
File "/usr/lib/python3.9/site-packages/certbot/_internal/", line 1864, in main
return config.func(config, plugins)
File "/usr/lib/python3.9/site-packages/certbot/_internal/", line 1440, in run
le_client = _init_le_client(config, authenticator, installer)
File "/usr/lib/python3.9/site-packages/certbot/_internal/", line 835, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File "/usr/lib/python3.9/site-packages/certbot/_internal/", line 297, in init
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File "/usr/lib/python3.9/site-packages/certbot/_internal/", line 72, in acme_from_config_key
directory = acme_client.ClientV2.get_directory(config.server, net)
File "/usr/lib/python3.9/site-packages/acme/", line 331, in get_directory
return messages.Directory.from_json(net.get(url).json())
File "/usr/lib/python3.9/site-packages/acme/", line 706, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python3.9/site-packages/acme/", line 670, in _send_request
raise ValueError(f"Requesting {host}{path}:{err_msg}")
ValueError: Requesting Network is unreachable
2023-06-24 19:22:17,612:ERROR:certbot._internal.log:An unexpected error occurred:
2023-06-24 19:22:17,612:ERROR:certbot._internal.log:ValueError: Requesting Network is unreachable

There is also a Spanish specific subsection to Help, you may find that helpful to in letting the Let's Encrypt community volunteers to know to use something like google translate

1 Like

Share the output of

curl -4

and also

curl -4
curl -6
curl -4
curl -6
1 Like

curl -4 : curl: (7) Failed to connect to port 80: There is no route to the `host'

curl -4 curl: (7) Failed to connect to port 80: There is no route to the `host'
curl -6 curl: (7) Couldn't connect to server

I currently have disarmed in pv6

Your DNS Resolver is not configured correctly on that machine.

What do ifconfig -a and netstat -r -n show?

1 Like

I think this is more likely a network config problem affecting outbound connections. And, not so much DNS resolver. You could just try dig

@Bruce5051 Note HTTP connections to the Let's Encrypt ACME API endpoint always fail because it only supports HTTPS. Something to watch for as you continue to debug

curl -I
curl: (56) Recv failure: Connection reset by peer

curl -I
HTTP/2 200
server: nginx

Thanks @MikeMcQ! :slight_smile:


@JoseGR02 presently inbound ports 80, 443, and 465 are all being filtered and not OPEN.

$ nmap -Pn -p80,443,465
Starting Nmap 7.80 ( ) at 2023-06-25 02:48 UTC
Nmap scan report for (
Host is up.

80/tcp  filtered http
443/tcp filtered https
465/tcp filtered smtps

Nmap done: 1 IP address (1 host up) scanned in 3.54 seconds

There is a newer version.

If DNS was failing, then this:

Would have said something more like:
curl: (6) Could not resolve host: ...

So, I don't think DNS is the issue.
It's more like the outbound firewall rules are blocking it.


Yeah, @rg305 you and @MikeMcQ are correct! :beers:


Check if your router has a VPN installed and active. If yes, then temporarily turn it off and try again. If this works and you have the new ssl.conf files then turn the VPN back on.

Hello everyone, I managed to solve the first error of could not reach due to a wrong configuration of public networks in my router.

As for the ports, they are filtered because I only have a public IP and certain router services, apart from those used by my server, are exposed to the Internet.

What does leave me in doubt that I have configured the letsencrypt certificates with my mail server but I don't know why the expired certificate appears on port 587, I don't know if this is any configuration; I currently use potfix + dovecot

If you copied the certificates from /etc/letsencrypt/live into some other location, you have to repeat that on every renewal, as the content of the certificate and key will change every time. You can script that with the --deploy-hook option.


After a long reading of documentation in forums I found the causes of my connection problems and then everything shared in this thread helped me to solve the problem thanks to everyone

1 Like

It would be great if you could describe the solution.
So that others, in the same situation, could use that same solution to solve their problem.


To solve the issue of port filtering in a mikrotik router I suggest the following video Cómo abrir el puerto en el enrutador Mikrotik - YouTube


For a correct configuration of ssl certificates with postfix


and as advice, never use public IP ranges as an internal network

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.