requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f37200f0b50>: Failed to esta

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hain3d.duckdns.org

I ran this command: I started Let's Encrypt add-on in Home Assistant OS

It produced this output: s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[16:24:44] INFO: Selected http verification
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f37200f0b50>: Failed to establish a new connection: [Errno -3] Try again'))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hello @hain3d, welcome to the Let's Encrypt community. :slightly_smiling_face:

Please see Rate Limits - Let's Encrypt
Testing and debugging are best done using the Staging Environment

2 Likes

This sounds like you are having trouble connecting to Let's Encrypt. Is your Home Assistant running on a home network? Do you have any type of outbound network filtering? Can you visit https://acme-v02.api.letsencrypt.org/ successfully from another computer on the same network?

4 Likes
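The `[Errno -3] Try again` in the error quoted at the top of the thread is glibc's `EAI_AGAIN` from `getaddrinfo()`, so the add-on failed while resolving the name, before any connection to port 443 was attempted. The following is an added example, not part of any post and not Certbot code, that separates DNS failures from TCP failures in such lines; the errno tables assume Linux/glibc, and `classify`, `NEXT_STEP` and the second sample line are constructed for illustration.

```python
import re

# glibc getaddrinfo() codes (negative): no address was ever obtained for the name.
GAI_ERRORS = {
    -2: "EAI_NONAME: name does not resolve",
    -3: "EAI_AGAIN: temporary failure in name resolution",
    -4: "EAI_FAIL: non-recoverable resolver failure",
    -5: "EAI_NODATA: name has no address record",
}
# Linux errno values (positive): the name resolved, the TCP connect failed.
TCP_ERRORS = {
    101: "ENETUNREACH: no route to the network",
    110: "ETIMEDOUT: no answer, typical of silently dropped packets",
    111: "ECONNREFUSED: connection actively refused",
    113: "EHOSTUNREACH: no route to the host",
}
NEXT_STEP = {
    "dns": "check which resolver the add-on/host uses and whether it answers",
    "tcp": "check outbound filtering and routing to the host on that port",
    "unknown": "re-run with -v and read /var/log/letsencrypt/letsencrypt.log",
}
ERR_RE = re.compile(
    r"host='(?P<host>[^']+)', port=(?P<port>\d+)\).*?\[Errno (?P<errno>-?\d+)\]"
)

# PAGE_LINE is the error from this thread; CONSTRUCTED_LINE is made up.
PAGE_LINE = (
    "requests.exceptions.ConnectionError: HTTPSConnectionPool("
    "host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded "
    "with url: /directory (Caused by NewConnectionError('<urllib3.connection."
    "HTTPSConnection object at 0x7f37200f0b50>: Failed to establish a new "
    "connection: [Errno -3] Try again'))"
)
CONSTRUCTED_LINE = PAGE_LINE.replace("[Errno -3] Try again",
                                     "[Errno 111] Connection refused")

def classify(line):
    """Return host, port, failing stage and a next step, or None if no match."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group("errno"))
    table, stage = ((GAI_ERRORS, "dns") if code in GAI_ERRORS
                    else (TCP_ERRORS, "tcp") if code in TCP_ERRORS
                    else ({}, "unknown"))
    return {"host": m.group("host"), "port": int(m.group("port")),
            "stage": stage, "detail": table.get(code, f"errno {code}"),
            "next_step": NEXT_STEP[stage]}
```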

Thank you very much, @mcpherrinm
Yes, I have trouble when I reinstall Home Assistant OS on Proxmox, because the previous HassOS on VirtualBox seemed to be unstable. With my duckdns domain on the previous HassOS on VirtualBox, I successfully connected to HassOS. But when I moved to HassOS on Proxmox (on Debian 11), I changed my duckdns domain, and after starting DuckDNS, Nginx and Let's Encrypt, I got an error in the log and could not connect to HassOS with my new duckdns domain. And then I tried to fix it, which may have caused the rate limits error! At that time I have known about that, poor me :frowning:
Do I have to wait to reorder to be successful? Because I had some trouble with AccuWeather from restarting HassOS so many times when I was working with HassOS. After some days of not using AccuWeather, I started HassOS and it worked again!

1 Like

Thank you very much @Bruce5051
That is my fault, I did not know that when I start the add-on so many times, it sends the orders.
I will read the 2 links you gave me, and try to resolve it.

3 Likes

Your system cannot be reached with HTTP (port 80). You should focus on getting that to work first. The Let's Debug test site is often helpful when setting up new systems. Once Let's Debug reports success then try getting a cert again.

I see you have port 443 open (for HTTPS) but your server sends out a self-signed cert which looks like a default for your router. I am not familiar with that router but once you have HTTP working and get a cert you will need to reconfigure to use that cert. A site like this SSL Decoder is helpful to view the cert your system sends out.

Certificate chain
 0 s:/C=TW/ST=HsinChu/L=HuKou/O=DrayTek Corp./OU=DrayTek Support/CN=Vigor Router
   i:/C=TW/ST=HsinChu/L=HuKou/O=DrayTek Corp./OU=DrayTek Support/CN=Vigor Router
4 Likes

Oh, @MikeMcQ, thank you very much.
Should I use Port Triggering for my HassOS IP with 8123 - 80 (incoming port)?
Or 80 - 80 for Let's Encrypt? I am a newbie at port triggering.
Because my router does not allow 443 - 443, I have to use port triggering 8123 - 443, and after I opened port 80 at some point with the previous duckdns, I could use my duckdns to connect to HassOS like myxxx.duckdns.org:8123.

1 Like

I am not familiar with your equipment. But, HTTP (port 80) requests to your domain are not working. The Let's Encrypt HTTP Challenge requires that to work. You can redirect that initial request to other HTTP or HTTPS locations but you cannot use alternate ports. See HERE for more

If port 80 is not possible you could consider the DNS challenge. This is often harder to automate. I don't believe certbot has support for duckdns but the acme.sh ACME client has a plug-in for that. I have never used it myself but perhaps checking their GitHub will help. See mcpherrinm's post next for a much better idea for DuckDNS integration.

4 Likes
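The rule in the post above (the HTTP challenge starts on port 80 and may be redirected to other HTTP or HTTPS locations, but never to alternate ports such as 8123) can be checked against a planned redirect chain before requesting a certificate. This is an added example, not code from the thread or from any ACME client; `check_http01_chain`, the token path and the sample chains are constructed, and the 10-redirect limit and the rejection of IP-address targets are taken from Let's Encrypt's challenge documentation rather than from this thread.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}
MAX_REDIRECTS = 10  # from Let's Encrypt's challenge documentation, not this thread

def is_ip(host):
    """True when the redirect target is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_http01_chain(chain):
    """chain[0] is the CA's initial request; chain[1:] are the Location
    targets of each redirect. Returns a list of problems (empty = acceptable)."""
    problems = []
    first = urlsplit(chain[0])
    if first.scheme != "http" or (first.port or 80) != 80:
        problems.append("initial request must be plain HTTP on port 80")
    if len(chain) - 1 > MAX_REDIRECTS:
        problems.append(f"{len(chain) - 1} redirects exceeds {MAX_REDIRECTS}")
    for hop, url in enumerate(chain[1:], start=1):
        u = urlsplit(url)
        if u.scheme not in DEFAULT_PORT:
            problems.append(f"hop {hop}: scheme {u.scheme!r} is not http/https")
            continue
        port = u.port or DEFAULT_PORT[u.scheme]
        if port not in (80, 443):
            problems.append(f"hop {hop}: port {port} is not 80 or 443")
        if is_ip(u.hostname or ""):
            problems.append(f"hop {hop}: redirect target is an IP address")
    return problems

# Constructed sample chains; the token is a placeholder, not a real challenge.
PATH = "/.well-known/acme-challenge/EXAMPLE-TOKEN"
GOOD = ["http://myxxx.duckdns.org" + PATH, "https://myxxx.duckdns.org" + PATH]
ALT_PORT = ["http://myxxx.duckdns.org" + PATH,
            "https://myxxx.duckdns.org:8123" + PATH]
TO_IP = ["http://myxxx.duckdns.org" + PATH, "http://192.0.2.10" + PATH]
```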

There is a dedicated DuckDNS addon for Home Assistant that includes getting certificates.

5 Likes
