Request to unblock IP

marcocajon · November 24, 2021, 3:28am

I just migrated from nginx on my host OS to Nginx-proxy-manager, and I'm now unable to get SSL certificates from acme-v02.api.letsencrypt.org/directory

Note I'm a hobbyist doing all of this manually, running self hosted apps for personal and family use. I also have some own website projects.

It produced this output (I removed my email just in case):

*Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-9" --agree-tos --authenticator webroot --email "XXXXXXXX@gmail.com" --preferred-challenges "dns,http" --domains "npm-alpha01.marcenaro.me" *
*Saving debug log to /var/log/letsencrypt/letsencrypt.log*
*An unexpected error occurred:*
*requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))*
*Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.*

* at ChildProcess.exithandler (node:child_process:397:12)*
* at ChildProcess.emit (node:events:390:28)*
* at maybeClose (node:internal/child_process:1064:16)*
* at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)*

My web server is (include version): Debian GNU/Linux 10 (buster)

My hosting provider, if applicable, is: AlphaVPS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Thanks team!

rg305 · November 24, 2021, 4:05am

Hi @marcocajon and welcome to the LE community forum

If you were able to obtain certs via nginx (and this is the only change made), then clearly the question should go to an nginx-proxy-manager forum.

That said, I also see:

But no actual webroot-path is specified.
hmm...

Also see:

So that looks like a temporary DNS failure on your system.
Can it resolve?:
acme-v02.api.letsencrypt.org

marcocajon · November 25, 2021, 4:02am

Thanks for taking a look!

In regards to:

My VPS is able to resolve it:

;; ANSWER SECTION:
acme-v02.api.letsencrypt.org. 7150 IN   CNAME   prod.api.letsencrypt.org.
prod.api.letsencrypt.org. 300   IN      CNAME   ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com. 300 IN A 172.65.32.248

However when I try to curl:

debian@Alpha01:~$  curl http://acme-v02.api.letsencrypt.org/directory
curl: (56) Recv failure: Connection reset by peer

Again thanks for the help!

MikeMcQ · November 25, 2021, 4:10am

Need to use https for that so try:
curl https://acme-v02.api.letsencrypt.org/directory

system · December 25, 2021, 4:10am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot -d with error - IP Blocked? Help	9	1415	November 3, 2023
My ip is blocked by Let’s Encrypt Help	16	1586	June 19, 2023
Failure to Connect to acme-staging-v02.api.letsencrypt.org Help	9	2920	June 18, 2022
[Solved] Unable to access https://acme-staging-v02.api.letsencrypt.org/directory Help	7	12925	November 20, 2019
Trouble Renewing SSL Certificates: Name Resolution Error Help	5	503	March 18, 2024

Request to unblock IP

Related Topics