Renew is failing the process

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: miazza.no-ip.biz
I ran this command: certbot renew

It produced this output:
root@debian:/etc/letsencrypt# ./renew.sh
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/miazza.no-ip.biz.conf

OCSP check failed for /etc/letsencrypt/archive/miazza.no-ip.biz/cert1.pem (are w e offline?)
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 169, in _new _conn
conn = connection.create_connection(
File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 73, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File "/usr/lib/python3.9/socket.py", line 953, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 394, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 234, in requ est
super(HTTPConnection, self).request(method, url, body=body, headers=headers)
File "/usr/lib/python3.9/http/client.py", line 1255, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1301, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1250, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1010, in _send_output
self.send(msg)
File "/usr/lib/python3.9/http/client.py", line 950, in send
self.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 200, in conn ect
conn = self._new_conn()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 181, in _new _conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x75962058>: Failed to establish a new connection: [Errno -3] Temporary fail ure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in incr ement
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='r3.o.lencr.org', port =80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.c onnection.HTTPConnection object at 0x75962058>: Failed to establish a new connec tion: [Errno -3] Temporary failure in name resolution'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/ocsp.py", line 186, in _check_ocs p_cryptography
response = requests.post(url, data=request_binary,
File "/usr/lib/python3/dist-packages/requests/api.py", line 119, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in reque st
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='r3.o.lencr.org', p ort=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib 3.connection.HTTPConnection object at 0x75962058>: Failed to establish a new con nection: [Errno -3] Temporary failure in name resolution'))
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer None
Failed to renew certificate miazza.no-ip.biz with error: HTTPSConnectionPool(hos t='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /dir ectory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x75963b80>: Failed to establish a new connection: [Errno -3] Temporary fail ure in name resolution'))

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/miazza.no-ip.biz/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
root@debian:/etc/letsencrypt# ./renew.sh
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/miazza.no-ip.biz.conf

OCSP check failed for /etc/letsencrypt/archive/miazza.no-ip.biz/cert1.pem (are we offline?)
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 169, in _new_conn
conn = connection.create_connection(
File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 73, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File "/usr/lib/python3.9/socket.py", line 953, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 394, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 234, in request
super(HTTPConnection, self).request(method, url, body=body, headers=headers)
File "/usr/lib/python3.9/http/client.py", line 1255, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1301, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1250, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1010, in _send_output
self.send(msg)
File "/usr/lib/python3.9/http/client.py", line 950, in send
self.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 200, in connect
conn = self._new_conn()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 181, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x75903088>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 755, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 574, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='r3.o.lencr.org', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x75903088>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/ocsp.py", line 186, in _check_ocsp_cryptography
response = requests.post(url, data=request_binary,
File "/usr/lib/python3/dist-packages/requests/api.py", line 119, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='r3.o.lencr.org', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x75903088>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer None
Failed to renew certificate miazza.no-ip.biz with error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x75904be0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/miazza.no-ip.biz/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

My web server is (include version):

The operating system my web server runs on is (include version): Debian

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2

It looks like the DNS resolution on your server is currently not working.

Does this work?

curl -I https://acme-v02.api.letsencrypt.org
3 Likes
3

It seems not ...

root@debian:/etc/letsencrypt# curl -I https://acme-v02.api.letsencrypt.org
curl: (6) Could not resolve host: acme-v02.api.letsencrypt.org

What shall I do ?
I have temporarily opened port 80 on the router.

my DNS miazza.no-ip.biz seems well working.

4

Fix the DNS resolving capabilities on your host (which is affecting your entire host, not just Let's Encrypt certificate renewal), which is beyond the purpose of this Community.

5 Likes
5

This has to do with how your server resolves domain names.

You can try modify /etc/resolv.conf so that it reads:

nameserver 1.1.1.1
nameserver 1.0.0.1

and see whether that helps.

That's not necessarily the right/best way to change it on your server, but it should get you going.

3 Likes
6

Supplemental information

> miazza.no-ip.biz
Server:         nf1.no-ip.com
Address:        194.62.182.53#53

Name:   miazza.no-ip.biz
Address: 93.71.3.171
>
1 Like
7

Well, I do not know what the above is doing in the system but it worked:
root@debian:/etc/letsencrypt# nano /etc/resolv.conf
root@debian:/etc/letsencrypt# curl -I https://acme-v02.api.letsencrypt.org
HTTP/2 200
server: nginx
date: Tue, 22 Nov 2022 21:21:07 GMT
content-type: text/html
content-length: 1540
last-modified: Thu, 23 Jun 2022 21:25:28 GMT
etag: "62b4da48-604"
x-frame-options: DENY
strict-transport-security: max-age=604800

root@debian:/etc/letsencrypt# ./renew.sh
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/miazza.no-ip.biz.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer None
Renewing an existing certificate for miazza.no-ip.biz
Performing the following challenges:
http-01 challenge for miazza.no-ip.biz
Waiting for verification...
Cleaning up challenges

new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/miazza.no-ip.biz/fullchain.pem

Congratulations, all renewals succeeded:
/etc/letsencrypt/live/miazza.no-ip.biz/fullchain.pem (success)

Running post-hook command: service apache2 reload

Shall I modify it back as it was before ?

8

It is letting the system use those 2 name servers when resolving DNS name requests on that system.
Thus allowing that system to find the name acme-v02.api.letsencrypt.org and getting an answer.

9

Depends what it was before. Because apparently it wasn't working.

3 Likes
10

It was empty but there was a worning not to modify that file :slight_smile:

11

Probably something like this, it would vary depending on what every is managing your System's DNS.
But that is why @_az said

# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search .
1 Like
13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.