Renewal Dry Run Errno 8

Labourer · July 7, 2017, 3:57am

I ran this command:
certbot renew --dry-run

It produced this output:
2017-07-06 20:38:06,299:WARNING:cerbot.renewal:Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/websitehere.org.conf produced an unexpected error: HTTPSConnectionPool(host=‘acme-staging.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x80816a750>: Failed to establish a new connection: [Errno 8] hostname nor servname provided, or not known’,)). Skipping.

My web server is (include version):
Apache 2.4

The operating system my web server runs on is:
FreeBSD 11

I can login to a root shell on my machine:
Yes

I’m using a control panel to manage my site:
No

rg305 · July 7, 2017, 4:53am

As there is no “websitehere.org” and so very little to work with…
I can only guess.
…
Maybe a/your firewall is blocking your server’s outbound https connections to ‘acme-staging.api.letsencrypt.org’, port=443

Labourer · July 7, 2017, 4:56am

websitehere is an example name in place of the actual site. The firewall is not blocking outbound https connections.

schoen · July 7, 2017, 5:05am

It might be interesting to try

$ python

>>> import requests
>>> requests.get("https://www.google.com/")
>>> requests.get("https://acme-staging.api.letsencrypt.org/directory")

Labourer · July 7, 2017, 5:17am

I’m sorry. While I plan to learn python at some point, I don’t know how to execute those commands. I do know that pip is installed, the current version being: “pip 8.0.2 from /usr/local/lib/python2.7/site-packages (python 2.7)”, if that info is useful at all.

rg305 · July 7, 2017, 5:24am

can you use something simpler like curl or wget?
(although that would not prove if python is able to retrieve secure pages from the Internet - it might shed a little light)

schoen · July 7, 2017, 5:32am

You should literally just be able to type them in at a shell prompt (not typing either the $, which is the shell prompt, or the >>>, which is the Python prompt).

If it works, Python will reply with <Response [200]> after each of the second two commands.

At the end, you can press Ctrl+D to exit the Python interpreter.

Labourer · July 7, 2017, 7:10am

Never mind. I’ve shut down the firewall completely exposing everything and the renewal worked fine. I think the problem was since the firewall only allows https and few other ports, and blocks everything else by default, it may have blocked one of the ports that the renewal service uses. I suppose I just have to find what that port is, and open it up in the firewall.

Thanks for all the help. My apologies for not thinking to try shutting off the firewall completely.

Labourer · July 7, 2017, 7:53am

I’m an idiot. Turns out it was a DNS issue, so the server wasn’t able to resolve the URL to its IP. No firewall issues.

system · August 6, 2017, 7:53am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.