Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable

claude73 · July 7, 2020, 1:32pm

Just for test in a local apache server to check communication between server and Letsencrypt.org

My domain is:itinisere.fr
I ran this command: sudo certbot certonly --apache

It produced this output:
Requesting acme-v02.api.letsencrypt.org/directory: Network is unreachable

My web server is (include version):Apache 2.4.37 Centos8
My hosting provider, if applicable, is:local on my network
I can login to a root shell on my machine yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):NO

The version of my client is :1.5.0

curl -v https://acme-v02.api.letsencrypt.org/directory works perfectly with no error

We use a Proxy, before the command certbot we run:
export http_proxy="http://x.x.x.x:xxxx and https also

Letsencrypt logs
2020-07-07 08:46:45,129:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-07-07 08:47:30,189:DEBUG:certbot._internal.log:Exiting abnormally:

Possible that the proxy don’t allow the access during the script ?

Regards

JuergenAuer · July 7, 2020, 1:47pm

Hi @claude73

what says

traceroute acme-v02.api.letsencrypt.org

same with Google.com.

To Letsencrypt, every step should answer.

claude73 · July 7, 2020, 2:24pm

But with traceroute for any site we don’t have icmp allowed in the FW

I use export " export http_proxy=“http://x.x.x.x:xxxx” before curl
and also before the certbot command

I see TCP MISS in the Proxy CONNECT acme-v02.api.letsencrypt.org:443 - DIRECT/172.65.32.248
8 try and nothing after

regards

claude73 · July 15, 2020, 2:21pm

Hi, traceroute is not working, but the proxy refuse icmp and other way accross firewall is forbiden.

when I use curl command I use the proxy and it’s good.

But Certbot command " HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443"
try to pass out of proxy and it’s not possible
I don’t understand why with export https defined before Certbot don’t use the proxy ?

Regards

claude73 · July 16, 2020, 2:02pm

With the bypass of proxy it’s now possible to start the Certbot configuration
The computer used for generate the certicat is not the target server
during the http01-challenge too many redirect message
the apps cannot access to domaine/directory
Redirect is only http to https

system · August 15, 2020, 2:02pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.