Request to unblock IP

My domain is: marcenaro.me

I just migrated from nginx on my host OS to Nginx-proxy-manager, and I'm now unable to get SSL certificates from acme-v02.api.letsencrypt.org/directory

Note I'm a hobbyist doing all of this manually, running self hosted apps for personal and family use. I also have some own website projects.

It produced this output (I removed my email just in case):

*Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --cert-name "npm-9" --agree-tos --authenticator webroot --email "XXXXXXXX@gmail.com" --preferred-challenges "dns,http" --domains "npm-alpha01.marcenaro.me" *
*Saving debug log to /var/log/letsencrypt/letsencrypt.log*
*An unexpected error occurred:*
*requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))*
*Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.*

* at ChildProcess.exithandler (node:child_process:397:12)*
* at ChildProcess.emit (node:events:390:28)*
* at maybeClose (node:internal/child_process:1064:16)*
* at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)*

My web server is (include version): Debian GNU/Linux 10 (buster)

My hosting provider, if applicable, is: AlphaVPS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Thanks team!

1 Like

Hi @marcocajon and welcome to the LE community forum :slight_smile:

If you were able to obtain certs via nginx (and this is the only change made), then clearly the question should go to an nginx-proxy-manager forum.

That said, I also see:

But no actual webroot-path is specified.
hmm...

Also see:

So that looks like a temporary DNS failure on your system.
Can it resolve?:
acme-v02.api.letsencrypt.org

5 Likes

Thanks for taking a look!

In regards to:

My VPS is able to resolve it:

;; ANSWER SECTION:
acme-v02.api.letsencrypt.org. 7150 IN   CNAME   prod.api.letsencrypt.org.
prod.api.letsencrypt.org. 300   IN      CNAME   ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com.
ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com. 300 IN A 172.65.32.248

However when I try to curl:

debian@Alpha01:~$  curl http://acme-v02.api.letsencrypt.org/directory
curl: (56) Recv failure: Connection reset by peer

Again thanks for the help!

1 Like

Need to use https for that so try:
curl https://acme-v02.api.letsencrypt.org/directory

2 Likes