Server timeout after force renewal

pixelpadre · July 17, 2017, 1:47pm

This morning I forced renewal on all of my certs. After that all https give server timeout. sites without certs load properly. I am considering uninstalling LE and then reinstalling, but that would be a job creating all of those certs again.

l a k e s e r v e r s dotcom

I noticed that LE says
tcp6 0 0 :::443 :::* LISTEN 13998/httpd

I dont use ipv6 and do not have ip6 addresses on my dns record. Could this be the problem? I have been using LE for months with no problem.

motoko · July 17, 2017, 2:33pm

Even if you don't have public IPv6 addresses, Linux will still use IPv6 loopback and link-local addresses. That should be fine, for the most part, unless you have problems elsewhere.

Have you checked the logs for your web server? There might be some information in there as to why you are experiencing issues.

Also, can you answer the following questions that will help others help you?

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

pixelpadre · July 17, 2017, 2:51pm

WEBSITE… L a k e s e r v e r s dotcom
NO COMMANDS
NO OUTPUT
Apache 2.4.26
CENTOS 7
LINODE
CAN LOGIN
USING CENTOS CWP CONTROL PANEL

motoko · July 17, 2017, 5:44pm

If you didn’t run a command, then how did you force renew the certificates?

pixelpadre · July 17, 2017, 5:56pm

Control panel centos cwp. They all renewed, but https sites wont respond
after renewal.

pixelpadre · July 17, 2017, 7:46pm

Not sure what the problem was…but its working now. DNS propagation.??..network issues??

However 6 domains did not renew while 15 others did renew. Not sure why only some renewed.

schoen · July 17, 2017, 7:49pm

I don’t know if your control panel offers you logs from the commands that it ran behind the scenes, but it looks like it could be very helpful to find those logs if at all possible.

pixelpadre · July 17, 2017, 7:57pm

How can I get the remaining 6 domains to renew? I tried certbot but got no such command message.

motoko · July 17, 2017, 8:03pm

It looks like the control panel you are using doesn’t use CertBot. This is okay, but you will probably need to ask in the support forums for the control panel you are using, as it’s very unlikely anyone here will be an expert in that system.

pixelpadre · July 17, 2017, 8:16pm

ok. thanks. Still cant figure out why some renewed. Maybe its a time restriction. less than 10 days

zhoujianfu · July 17, 2017, 9:17pm

I don't know if this is related, but I'm trying to renew a cert (hmcinq.com) on Ubuntu 16.04 using certbot and get:

Processing /etc/letsencrypt/renewal/www.hmcinq.com.conf
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Attempting to renew cert from /etc/letsencrypt/renewal/www.hmcinq.com.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45). Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.hmcinq.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

If I try just visiting https://acme-v01.api.letsncrypt.org/ in my web browser I get:

An error occurred while processing your request.
Reference #97.b7fd4317.1500325496.5831fed

If I test it in curl I get:

curl https://acme-v01.api.letsencrypt.org -I
HTTP/1.1 504 Gateway Time-out
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 176
Expires: Mon, 17 Jul 2017 21:11:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 17 Jul 2017 21:11:43 GMT
Connection: keep-alive

If I ping it it seems up:

PING acme-v01.api.letsencrypt.org (184.86.144.61) 56(84) bytes of data.
64 bytes from acme-v01.api.letsencrypt.org (184.86.144.61): icmp_seq=1 ttl=55 time=38.2 ms
64 bytes from acme-v01.api.letsencrypt.org (184.86.144.61): icmp_seq=2 ttl=55 time=38.2 ms

Visiting status.letsencrypt.org does show the staging server is currently down, but claims acme-v01 is up?
Is it?

DrWhoZee · July 17, 2017, 9:22pm

same here. acme-v01 returns 504.

zhoujianfu · July 17, 2017, 9:25pm

Ah, and now they’ve updated https://letsencrypt.status.io/ to show at least one of the live datacenters is down.

schoen · July 17, 2017, 10:17pm

Apparently there was a recent service outage which should now have ended.

system · August 16, 2017, 10:17pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Renewal Problems Help	4	2392	May 24, 2019
Unable to renew cert recently Help	13	780	December 2, 2021
Certificate Renewal Help - Works once in a while Help	1	937	July 28, 2017
Renewal redirect help Help	6	1602	April 2, 2020
Getting new timeout errors during renewal as of a month ago (setup previously was working) Help	20	1610	December 2, 2021

Server timeout after force renewal

Related topics