Renew is failing the process

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: miazza.no-ip.biz
I ran this command: certbot renew

It produced this output:
root@debian:/etc/letsencrypt# ./renew.sh
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/miazza.no-ip.biz.conf


OCSP check failed for /etc/letsencrypt/archive/miazza.no-ip.biz/cert1.pem (are we offline?)
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 169, in _new_conn
conn = connection.create_connection(
File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 73, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File "/usr/lib/python3.9/socket.py", line 953, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 394, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 234, in request
super(HTTPConnection, self).request(method, url, body=body, headers=headers)
File "/usr/lib/python3.9/http/client.py", line 1255, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1301, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1250, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1010, in _send_output
self.send(msg)
File "/usr/lib/python3.9/http/client.py", line 950, in send
self.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 200, in connect
conn = self._new_conn()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 181, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x75962058>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='r3.o.lencr.org', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x75962058>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/ocsp.py", line 186, in _check_ocsp_cryptography
response = requests.post(url, data=request_binary,
File "/usr/lib/python3/dist-packages/requests/api.py", line 119, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='r3.o.lencr.org', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x75962058>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer None
Failed to renew certificate miazza.no-ip.biz with error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x75963b80>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))


All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/miazza.no-ip.biz/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
root@debian:/etc/letsencrypt# ./renew.sh
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/miazza.no-ip.biz.conf


OCSP check failed for /etc/letsencrypt/archive/miazza.no-ip.biz/cert1.pem (are we offline?)
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 169, in _new_conn
conn = connection.create_connection(
File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 73, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File "/usr/lib/python3.9/socket.py", line 953, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 394, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 234, in request
super(HTTPConnection, self).request(method, url, body=body, headers=headers)
File "/usr/lib/python3.9/http/client.py", line 1255, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1301, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1250, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1010, in _send_output
self.send(msg)
File "/usr/lib/python3.9/http/client.py", line 950, in send
self.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 200, in connect
conn = self._new_conn()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 181, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x75903088>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='r3.o.lencr.org', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x75903088>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/ocsp.py", line 186, in _check_ocsp_cryptography
response = requests.post(url, data=request_binary,
File "/usr/lib/python3/dist-packages/requests/api.py", line 119, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='r3.o.lencr.org', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x75903088>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer None
Failed to renew certificate miazza.no-ip.biz with error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x75904be0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))


All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/miazza.no-ip.biz/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version):

The operating system my web server runs on is (include version): Debian

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

It looks like the DNS resolution on your server is currently not working.

Does this work?

curl -I https://acme-v02.api.letsencrypt.org
3 Likes

It seems not ...

root@debian:/etc/letsencrypt# curl -I https://acme-v02.api.letsencrypt.org
curl: (6) Could not resolve host: acme-v02.api.letsencrypt.org

What shall I do?
I have temporarily opened port 80 on the router.

My DNS miazza.no-ip.biz seems to be working well.

Fix the DNS resolving capabilities on your host (which is affecting your entire host, not just Let's Encrypt certificate renewal), which is beyond the purpose of this Community.

5 Likes

This has to do with how your server resolves domain names.

You can try modifying /etc/resolv.conf so that it reads:

nameserver 1.1.1.1
nameserver 1.0.0.1

and see whether that helps.

That's not necessarily the right/best way to change it on your server, but it should get you going.

3 Likes

Supplemental information

> miazza.no-ip.biz
Server:         nf1.no-ip.com
Address:        194.62.182.53#53

Name:   miazza.no-ip.biz
Address: 93.71.3.171
>
1 Like

Well, I do not know what the above is doing in the system but it worked:
root@debian:/etc/letsencrypt# nano /etc/resolv.conf
root@debian:/etc/letsencrypt# curl -I https://acme-v02.api.letsencrypt.org
HTTP/2 200
server: nginx
date: Tue, 22 Nov 2022 21:21:07 GMT
content-type: text/html
content-length: 1540
last-modified: Thu, 23 Jun 2022 21:25:28 GMT
etag: "62b4da48-604"
x-frame-options: DENY
strict-transport-security: max-age=604800

root@debian:/etc/letsencrypt# ./renew.sh
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/miazza.no-ip.biz.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer None
Renewing an existing certificate for miazza.no-ip.biz
Performing the following challenges:
http-01 challenge for miazza.no-ip.biz
Waiting for verification...
Cleaning up challenges


new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/miazza.no-ip.biz/fullchain.pem



Congratulations, all renewals succeeded:
/etc/letsencrypt/live/miazza.no-ip.biz/fullchain.pem (success)


Running post-hook command: service apache2 reload

Shall I modify it back to how it was before?

It is letting the system use those 2 name servers when resolving DNS name requests on that system, thus allowing that system to find the name acme-v02.api.letsencrypt.org and get an answer.

Depends what it was before. Because apparently it wasn't working.

3 Likes

It was empty but there was a warning not to modify that file :)

Probably something like this; it would vary depending on whatever is managing your system's DNS.
But that is why @_az said

# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search .
1 Like
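
The resolver states that came up in this thread (a file with only a warning comment, the systemd-resolved stub, and a static list of servers) can be told apart before `certbot renew` runs. The script below is an added example, not part of the original posts; the function names `resolv_nameservers`, `resolv_classify`, `preflight` and `make_samples` are hypothetical helpers, and the sample files are constructed.

```bash
#!/usr/bin/env bash
# Added example: inspect a resolv.conf before running `certbot renew`.
# All function names here are hypothetical helpers, not certbot features.

# Print the nameserver addresses configured in a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Classify the file as: missing | empty | stub | static
resolv_classify() {
    local file=$1 servers
    [ -r "$file" ] || { echo missing; return 0; }
    servers=$(resolv_nameservers "$file")
    if [ -z "$servers" ]; then
        echo empty    # comments only: glibc falls back to a resolver on 127.0.0.1
    elif [ "$servers" = "127.0.0.53" ]; then
        echo stub     # systemd-resolved stub; uplinks are shown by "resolvectl status"
    else
        echo static   # servers listed directly, e.g. 1.1.1.1 / 1.0.0.1
    fi
}

# Resolve the two hosts certbot could not reach in the thread (needs network).
# Call it as "preflight && certbot renew" so a broken resolver fails early.
preflight() {
    local host rc=0
    for host in acme-v02.api.letsencrypt.org r3.o.lencr.org; do
        getent hosts "$host" >/dev/null || { echo "cannot resolve $host" >&2; rc=1; }
    done
    return "$rc"
}

# Constructed samples: a comment-only file, the stub quoted above, a static file.
make_samples() {
    printf '# Do not edit.\n' > "$1/empty.conf"
    printf '# Do not edit.\nnameserver 127.0.0.53\noptions edns0 trust-ad\nsearch .\n' > "$1/stub.conf"
    printf 'nameserver 1.1.1.1\nnameserver 1.0.0.1\n' > "$1/static.conf"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for name in empty stub static; do
    printf '%s.conf -> %s\n' "$name" "$(resolv_classify "$demo_dir/$name.conf")"
done
rm -rf "$demo_dir"
```

On a real host, run `resolv_classify /etc/resolv.conf`; a result of `stub` means the actual upstream servers have to be checked with `resolvectl status`, as the file's own header says.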