Requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7ff299f5b850>

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

cutegirlsinshorts.org

I ran this command:

certbot certonly

It produced this output:

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7feb86ee24a0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution'))

My web server is (include version):

OpenLiteSpeed 1.7.16

The operating system my web server runs on is (include version):

Linux
#1 SMP Thu Dec 15 20:31:06 MSK 2022

My hosting provider, if applicable, is:

OpenLiteSpeed (EC2 Instance launched on AWS)

I can login to a root shell on my machine (yes or no, or I don't know):

Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1.21.0

P.S. I went to https://check-host.net/ and tried all the tabs. They all responded with normal statuses. But when I tried the "Ping" tab, all results came up as "Result 0/4 traceroute".

Hi @bobbb23332,

This error suggests that your server can't make the necessary outgoing connection to the Let's Encrypt API server. Can you think of a reason why that could be? Is there any firewall or configuration that you would expect to be blocking outgoing connections from your server?

Can you try something like this?

curl -v https://acme-v02.api.letsencryp.org/directory

I commonly see such DNS resolving errors from misconfigured Docker instances.

Could it be the EC2 instance? Does the EC2 have the ability to block these operations coming from this server? If so, then maybe it can be a port forwarding issue, I don't know. I checked security groups and ports 22, 80 and 443 are all allowed.

I ran curl -v https://acme-v02.api.letsencryp.org/directory and this is the result:

* Could not resolve host: acme-v02.api.letsencryp.org
* Closing connection 0
curl: (6) Could not resolve host: acme-v02.api.letsencryp.org

Oops, try again with the missing t in letsencrypt added?

Try it this way:
curl -v https://acme-v02.api.letsencrypt.org/directory

I received this:

Please fix your system's DNS resolving capabilities and try again after DNS has been fixed.

Is this what you are talking about? I have these DNS settings set where my domain was bought from:

No, those are the DNS settings for your domain. That's something different from the DNS resolving capabilities of a system. See for example stuff like curl - amazon ec2 instance unable to resolve host - Stack Overflow

So I'm guessing the area I need to be checking is the server of the VPS? I bought this from OpenLiteSpeed, which is the VPS hoster which I used to launch an EC2 instance. Is this where I should fix the DNS resolving issues?

Probably.

(oops!)

I have found the reason for this: my AWS account services were limited by the AWS support team due to a recent compromise in security credentials. Kind of a bummer that they don't explicitly mention the services that were affected! It is working now.
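
The distinction drawn in this thread between the domain's DNS records and the host's own resolver, as an added example (not code from any poster here or from Certbot): it checks name resolution and outbound TCP as separate stages for the ACME host named in the traceback. The `diagnose` function and its injectable `resolve`/`connect` parameters are assumptions of this example.

```python
import socket

ACME_HOST = "acme-v02.api.letsencrypt.org"  # host from the traceback on this page


def diagnose(host=ACME_HOST, port=443, timeout=5.0,
             resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return (stage, detail) where stage is 'dns', 'tcp' or 'ok'.

    resolve/connect are injectable (an assumption of this example) so the
    logic can be exercised without network access.
    """
    # Stage 1: this machine's resolver. It is unrelated to the DNS records
    # configured at the registrar for the domain being certified.
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_AGAIN:
            # "[Errno -3] Temporary failure in name resolution" on Linux
            hint = "no answer from the resolver; check resolver config and outbound DNS"
        else:
            hint = "resolver answered but could not resolve the name"
        return "dns", f"{exc.strerror} ({hint})"

    # Stage 2: outbound TCP to each resolved address (egress rules, routing).
    addresses = sorted({info[4][0] for info in infos})
    failures = []
    for addr in addresses:
        try:
            connect((addr, port), timeout=timeout).close()
            return "ok", f"{host} -> {addr}:{port} reachable"
        except OSError as exc:
            failures.append(f"{addr}: {exc}")
    return "tcp", "; ".join(failures)


if __name__ == "__main__":
    stage, detail = diagnose()
    print(f"{stage}: {detail}")
```

A `dns` result corresponds to the certbot error at the top of the thread; a `tcp` result would instead point at egress filtering or routing.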