Renewal Dry Run Errno 8

I ran this command:
certbot renew --dry-run

It produced this output:
2017-07-06 20:38:06,299:WARNING:cerbot.renewal:Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/websitehere.org.conf produced an unexpected error: HTTPSConnectionPool(host=‘acme-staging.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x80816a750>: Failed to establish a new connection: [Errno 8] hostname nor servname provided, or not known’,)). Skipping.

My web server is (include version):
Apache 2.4

The operating system my web server runs on is:
FreeBSD 11

I can login to a root shell on my machine:
Yes

I’m using a control panel to manage my site:
No

As there is no “websitehere.org” and so very little to work with…
I can only guess.

Maybe a/your firewall is blocking your server’s outbound https connections to ‘acme-staging.api.letsencrypt.org’, port=443

websitehere is an example name in place of the actual site. The firewall is not blocking outbound https connections.

It might be interesting to try

$ python

>>> import requests
>>> requests.get("https://www.google.com/")
>>> requests.get("https://acme-staging.api.letsencrypt.org/directory")

I’m sorry. While I plan to learn Python at some point, I don’t know how to execute those commands. I do know that pip is installed, the current version being: “pip 8.0.2 from /usr/local/lib/python2.7/site-packages (python 2.7)”, if that info is useful at all.

Can you use something simpler like curl or wget?
(Although that would not prove whether Python is able to retrieve secure pages from the Internet, it might shed a little light.)

You should literally just be able to type them in at a shell prompt (not typing either the $, which is the shell prompt, or the >>>, which is the Python prompt).

If it works, Python will reply with <Response [200]> after each of the second two commands.

At the end, you can press Ctrl+D to exit the Python interpreter.

Never mind. I’ve shut down the firewall completely, exposing everything, and the renewal worked fine. I think the problem was that, since the firewall only allows https and a few other ports and blocks everything else by default, it may have blocked one of the ports that the renewal service uses. I suppose I just have to find what that port is, and open it up in the firewall.

Thanks for all the help. My apologies for not thinking to try shutting off the firewall completely.

I’m an idiot. Turns out it was a DNS issue, so the server wasn’t able to resolve the URL to its IP. No firewall issues.
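The error text in the first post already separates the two theories raised in this thread: "hostname nor servname provided, or not known" is a name-resolution failure, which happens before any connection to port 443 is attempted. The following is an added example, not code from any poster or from certbot, that checks the three stages in order and reports the first one that fails; it assumes Python 3, and the function name `diagnose` and its `resolve`/`connect` parameters are hypothetical.

```python
import socket
import ssl

# Hostname taken from the error message in the first post.
ACME_HOST = "acme-staging.api.letsencrypt.org"


def diagnose(host=ACME_HOST, port=443, timeout=5.0,
             resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return (stage, detail) for the first stage that fails, or ("ok", ...).

    Stages run in order: "dns", then "tcp", then "tls". resolve and connect
    are injectable (an assumption of this example) so the logic can be
    exercised without network access.
    """
    # Stage 1: name resolution. A failure here raises socket.gaierror, the
    # class of error behind "[Errno 8] hostname nor servname provided, or
    # not known". Nothing has been sent to port 443 at this point.
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", "cannot resolve %s: %s" % (host, exc)
    addr = infos[0][4][0]

    # Stage 2: TCP connect to the resolved address. A firewall dropping or
    # rejecting outbound 443 shows up here as a timeout or a refusal.
    try:
        sock = connect((addr, port), timeout)
    except OSError as exc:  # includes socket.timeout and ConnectionRefusedError
        return "tcp", "cannot connect to %s:%d: %s" % (addr, port, exc)

    # Stage 3: TLS handshake with certificate and hostname verification.
    try:
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", "%s via %s, %s" % (host, addr, tls.version())
    except (ssl.SSLError, OSError) as exc:
        sock.close()
        return "tls", "handshake with %s failed: %s" % (host, exc)


if __name__ == "__main__":
    print(diagnose())
```

A result of `dns` points at the resolver configuration, while `tcp` points at filtering or routing between the server and the ACME endpoint.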
