Problems while creating a certificate

Hi there, I am trying to create an SSL certificate for a subdomain name but I am getting some errors. Any help please!!

I ran this command:
certbot certonly -a webroot --webroot-path=/var/www/{{ letsencrypt_domain_name }} -d {{ letsencrypt_domain_name }} -n --agree-tos --email {{ letsencrypt_email }}

My operating system is:
Debian 8 (Jessie)

My web server is:
nginx

My hosting provider:
Company servers

I can log in to a root shell on my machine:
Yes

I’m using a control panel to manage my site:
No

Running this command produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f7119e9c290>: Failed to establish a new connection: [Errno -2] Name or service not known',))
Please see the logfiles in /var/log/letsencrypt for more details.

Debug log /var/log/letsencrypt/letsencrypt.log looks like this:
2017-04-20 05:22:12,828:DEBUG:certbot.main:Root logging level set at 20
2017-04-20 05:22:12,829:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-04-20 05:22:12,830:DEBUG:certbot.main:certbot version: 0.9.3
2017-04-20 05:22:12,830:DEBUG:certbot.main:Arguments: ['-a', 'webroot', '--webroot-path=/var/www/production/portal.feenix.co.nz/current', '-d', 'portal.feenix.co.nz', '-n', '--agree-tos', '--email', 'net$
2017-04-20 05:22:12,830:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2017-04-20 05:22:12,831:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-04-20 05:22:12,834:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f7120bafbd0>
Prep: True
2017-04-20 05:22:12,834:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f7120bafbd0> and installer None
2017-04-20 05:22:13,002:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2017-04-20 05:22:13,004:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-04-20 05:22:13,021:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.9.3', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 776, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 558, in obtain_cert
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 368, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 353, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 118, in register
    acme = acme_from_config_key(config, key)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 42, in acme_from_config_key
    return acme_client.Client(config.server, key=key, net=net)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 63, in __init__
    self.net.get(directory).json())
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 624, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python2.7/dist-packages/acme/client.py", line 606, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 475, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 596, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 487, in send
    raise ConnectionError(e, request=request)
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.Verifie$

Looks like your server can’t connect to acme-v01.api.letsencrypt.org through HTTPS.

You might want to try to surf to https://acme-v01.api.letsencrypt.org/directory with a browser to see if that works or not.

Perhaps it’s a company firewall issue?

By the way, acme-v01.api.letsencrypt.org is offloaded through Akamai CDN services, not directly to Let’s Encrypt.

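Added example, not part of the original thread: the `[Errno -2] Name or service not known` in the log above is the error `getaddrinfo` returns when a name does not resolve, so it helps to separate DNS, TCP and TLS failures before looking at firewall rules. The function names, the stage labels and the sample host `acme.example.test` are assumptions made for this sketch; the sample lines are constructed.

```python
import re
import socket
import ssl

# Linux/glibc error numbers as they appear in urllib3's "[Errno N]" text.
ERRNO_STAGE = {
    -2: "dns",   # EAI_NONAME "Name or service not known"
    -3: "dns",   # EAI_AGAIN "Temporary failure in name resolution"
    101: "tcp", 110: "tcp", 111: "tcp", 113: "tcp",  # unreachable, timeout, refused
}

def classify_log(text):
    """Return (host, stage) for the last connection failure in a certbot log."""
    result = (None, "none")
    for line in text.splitlines():
        if "ConnectionError" not in line and "SSLError" not in line:
            continue
        host = re.search(r"host=['\u2018]([^'\u2019]+)", line)
        err = re.search(r"\[Errno (-?\d+)\]", line)
        if "SSLError" in line:
            stage = "tls"
        else:
            stage = ERRNO_STAGE.get(int(err.group(1)), "unknown") if err else "unknown"
        result = (host.group(1) if host else None, stage)
    return result

def probe(host, port=443, timeout=5.0):
    """Live check of the same three stages; returns the first one that fails."""
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns"
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp"
    try:
        with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
            return "ok"
    except (ssl.SSLError, OSError):
        return "tls"
    finally:
        sock.close()

# Constructed sample lines, modelled on the error format in the log above.
SAMPLE_DNS = ("ConnectionError: HTTPSConnectionPool(host='acme.example.test', port=443): "
              "Max retries exceeded with url: /directory (Caused by NewConnectionError("
              "'<conn>: Failed to establish a new connection: [Errno -2] Name or service not known',))")
SAMPLE_TCP = SAMPLE_DNS.replace("-2] Name or service not known", "111] Connection refused")
```

Run `classify_log` over the contents of `/var/log/letsencrypt/letsencrypt.log`, then `probe` against the ACME host from the affected server; a `dns` result points at the resolver configuration rather than at port 443 filtering.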