ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443)

Same here

ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

acme-v01.api.letsencrypt.org is an alias for api.letsencrypt.org.edgekey.net.
api.letsencrypt.org.edgekey.net is an alias for e981.dscb.akamaiedge.net.
e981.dscb.akamaiedge.net has address 23.1.67.122
e981.dscb.akamaiedge.net has IPv6 address 2a02:26f0:4:199::3d5
e981.dscb.akamaiedge.net has IPv6 address 2a02:26f0:4:183::3d5

Same problem:

An unexpected error occurred:
ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

In case you haven’t noticed, this is a FREE service made possible by sponsors. It’s not “unprofessional” because it’s not a “professional” service. You get what you pay for, and you have paid nothing.

The time frame is 3 months because that is required in order to reduce the scope for abuse of the FREE service.

If you want professional support, SLAs, long certificate time spans, use one of the many and varied commercial options.

7 Likes

Waiting till the cert has expired makes you unprofessional. LE sends an email 15 days prior to the cert expiring. There is no excuse for not renewing certs before expiration. Moreover, this should be an automated process. Not a manual one.

6 Likes

Great! Thank you for the information. Will keep checking for updates. http://letsencrypt.status.io/ says it’s pretty big,
“Service Disruption” on all but the website. :neutral_face:

Got the same here (a week to go). It seems from a netstat -l while certbot is running that it’s not listening on port 443 (or indeed any port) so it’s hardly surprising there’s no response.

(edit) Jumping in before full diagnostics. I can see what’s happening now and will wait patiently :slight_smile:

Same issue here. Cert expired today and can’t renew now.

I know it’s a free service. Thank you for confirming in different words that it’s not a reliable professional service.

Thank you for sharing your thoughts. The renew script is in the cronjob already. Instead of just sending email alerts that do nothing to tell me there’s an issue, so I leave it alone as the crontab is in place, perhaps the email can carry the error – and the documentation can be a bit more helpful in how to remove a domain, etc, as discussed above.

Anyway, we have now learned our lesson. This ‘free’ service is OK for toy sites or personal blogs. Not for anything beyond.

So now you know that instead of complaining about a free service that you use in a professional environment, you should buy an SSL certificate from an authority that matches your needs? :slight_smile:

Moreover, I also use Letsencrypt for a part of my enterprise services and I don’t have any problem since the certificates are always renewed on time, not the day before it expires. Right now I just cannot issue new ones. And these websites I’m speaking of are not ‘toys’, I can assure you :stuck_out_tongue:

Is there any official statement when the api is reachable again…

Hi,
if you run Apache with cPanel/WHM, you can do a temporary fix: you can disable OCSP Stapling within the Apache configuration and restart Apache to apply the changes. With OCSP Stapling disabled, the browser now checks the revocation status, rather than the server itself. This reduces the burden from the server, and eliminates the possibility of this issue occurring again (unless OCSP Stapling is re-enabled and this happens again).

The directive is as follows: SSLUseStapling off
This directive cannot be controlled from WHM, it needs to be manually configured using an access method such as SSH or sFTP.

I hope this helps.

Regards

P.S.

Looks like there is a notice at http://letsencrypt.status.io/ of Service Disruption.

Getting same error while setting up Let’s Encrypt. Waiting for Green Signal.

@servx, @NearlyNormal, you must have done something wrong then.

The official recommendation is that you set your cron task to run every day checking expiration dates of your certificates, and request replacement for certificates that have ≤30 days of validity left (e.g. just running certbot renew). With proper setup you’d have a 30-day-long buffer to try to request a fresh certificate and still have a valid one in place.

1 Like
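
The daily check described in the post above, combined with the point raised elsewhere in the thread that an alert should carry the renewal error, as an added example that is not part of the original thread: a shell script that classifies the certificate state after a renew run. It assumes GNU `date`; the function names, `CRITICAL_DAYS`, the log path, the mail address and `example.com` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU date (for -d parsing).
RENEW_WINDOW_DAYS=30  # from the post: renew once <= 30 days of validity remain
CRITICAL_DAYS=7       # assumption for this example: escalate below this

# seconds_left "<line from: openssl x509 -noout -enddate>" <now_epoch>
seconds_left() {
  not_after=${1#notAfter=}
  # GNU date treats an empty string as "today", so reject it explicitly.
  [ -n "$not_after" ] || return 2
  end=$(date -u -d "$not_after" +%s 2>/dev/null) || return 2
  echo $(( $end - $2 ))
}

# renewal_state <enddate line> <now_epoch> <exit status of the renew run>
# Call AFTER the renew attempt: a successful renewal replaces the cert, so a
# cert still inside the renewal window means the attempt did not succeed.
renewal_state() {
  secs=$(seconds_left "$1" "$2") || { echo "UNKNOWN rc=$3"; return 0; }
  days=$(( $secs / 86400 ))
  if [ "$secs" -le 0 ]; then
    echo "EXPIRED rc=$3"
  elif [ "$days" -gt "$RENEW_WINDOW_DAYS" ]; then
    echo "OK days=$days"
  elif [ "$days" -gt "$CRITICAL_DAYS" ]; then
    echo "WARN days=$days rc=$3"
  else
    echo "CRITICAL days=$days rc=$3"
  fi
}

# Cron usage (example.com, the log path and the address are placeholders):
#   certbot renew >/var/log/renew.log 2>&1; rc=$?
#   line=$(openssl x509 -noout -enddate -in /etc/letsencrypt/live/example.com/cert.pem)
#   state=$(renewal_state "$line" "$(date +%s)" "$rc")
#   case $state in OK*) ;; *) mail -s "cert: $state" ops@example.com </var/log/renew.log ;; esac

# Constructed sample: cert ends 18 Jun 2017, checked 19 May 2017, renew failed.
SAMPLE='notAfter=Jun 18 12:00:00 2017 GMT'
renewal_state "$SAMPLE" "$(date -u -d '2017-05-19 12:00:00' +%s)" 1  # WARN days=30 rc=1
```
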

Status now shows operational. Usage suggests otherwise.

It’s now marked as “Operational” but I still have Gateway timeouts when trying to reach https://acme-v01.api.letsencrypt.org/

# wget -S https://acme-v01.api.letsencrypt.org/ -O -
--2017-05-19 15:43:33--  https://acme-v01.api.letsencrypt.org/
Résolution de acme-v01.api.letsencrypt.org (acme-v01.api.letsencrypt.org)… 104.93.241.239, 2a02:26f0:135:28a::3d5, 2a02:26f0:135:29d::3d5
Connexion à acme-v01.api.letsencrypt.org (acme-v01.api.letsencrypt.org)|104.93.241.239|:443… connecté.
requête HTTP transmise, en attente de la réponse… 
  HTTP/1.1 504 Gateway Time-out
  Server: AkamaiGHost
  Mime-Version: 1.0
  Content-Type: text/html
  Content-Length: 176
  Expires: Fri, 19 May 2017 13:44:33 GMT
  Cache-Control: max-age=0, no-cache, no-store
  Pragma: no-cache
  Date: Fri, 19 May 2017 13:44:33 GMT
  Connection: keep-alive
2017-05-19 15:44:33 erreur 504 : Gateway Time-out.

What about you?

It is set for every day. The notification does not send any potential error, that’s my point.

Same here. It’s down.

As was pointed out by several others over the course of this thread the error is a result of an ongoing service disruption. Please follow status.letsencrypt.org for more information. We should have all of the remaining issues resolved shortly.

In the meantime I’m going to lock this thread since there isn’t a need for further discussion on this particular error. Please open a new thread if you need to resume discussion.

Thanks for your patience, we apologize for the disruption and I expect more detailed root cause information will be shared in the near future.

1 Like