Server timeout after force renewal


#1

This morning I forced renewal on all of my certs. After that, all HTTPS sites give a server timeout. Sites without certs load properly. I am considering uninstalling LE and then reinstalling, but that would be a job creating all of those certs again.

l a k e s e r v e r s dotcom

I noticed that LE says
tcp6 0 0 :::443 :::* LISTEN 13998/httpd

I don’t use IPv6 and do not have IPv6 addresses on my DNS record. Could this be the problem? I have been using LE for months with no problem.


#2

Even if you don’t have public IPv6 addresses, Linux will still use IPv6 loopback and link-local addresses. That should be fine, for the most part, unless you have problems elsewhere.

Have you checked the logs for your web server? There might be some information in there as to why you are experiencing issues.

Also, can you answer the following questions that will help others help you?

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
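
Added example, not part of the thread or of any poster's reply: the `tcp6 ... :::443` line quoted in post #1 is a wildcard IPv6 listener, which on Linux also accepts IPv4 clients unless `IPV6_V6ONLY` is set on the socket. This Python sketch classifies `netstat -tlnp` listen lines by the IPv4 destinations they accept; every sample line except the thread's `:::443` entry is constructed, and the function names and the `v6only` flag are assumptions (netstat does not show that socket option).

```python
import re

# Constructed `netstat -tlnp` sample; only the :::443 httpd line comes from the thread.
SAMPLE = """\
tcp        0      0 0.0.0.0:22        0.0.0.0:*     LISTEN   1021/sshd
tcp        0      0 127.0.0.1:3306    0.0.0.0:*     LISTEN   1400/mysqld
tcp6       0      0 :::80             :::*          LISTEN   13998/httpd
tcp6       0      0 :::443            :::*          LISTEN   13998/httpd
tcp6       0      0 ::1:25            :::*          LISTEN   1200/master
"""

LISTEN_RE = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s*(\S*)")

def parse_listeners(text):
    """Return (proto, local_address, port, owner) for every LISTEN line."""
    found = []
    for line in text.splitlines():
        m = LISTEN_RE.match(line.strip())
        if m:
            proto, addr, port, owner = m.groups()
            found.append((proto, addr, int(port), owner))
    return found

def ipv4_scope(proto, addr, v6only):
    """Which IPv4 destination one socket accepts: 'any', an address, or None."""
    if proto == "tcp":
        return "any" if addr == "0.0.0.0" else addr
    if addr == "::":
        # Dual-stack wildcard: IPv4 clients show up as ::ffff:a.b.c.d
        # unless IPV6_V6ONLY is set on the socket (assumed off by default).
        return None if v6only else "any"
    if addr.lower().startswith("::ffff:"):
        return addr[7:]  # IPv4-mapped listener bound to one IPv4 address
    return None          # pure IPv6 address such as ::1

def ipv4_listeners(text, port, v6only=False):
    """Return {owner: scope} for sockets that accept IPv4 traffic on `port`."""
    result = {}
    for proto, addr, p, owner in parse_listeners(text):
        scope = ipv4_scope(proto, addr, v6only) if p == port else None
        if scope is not None:
            result[owner] = scope
    return result

if __name__ == "__main__":
    for port in (22, 25, 443, 3306):
        print(port, ipv4_listeners(SAMPLE, port) or "no IPv4 listener")
```

If the port shows an IPv4-capable listener and HTTPS still times out, the cause lies elsewhere (firewall, web server configuration or logs), which is where post #2 points.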


#3

WEBSITE… L a k e s e r v e r s dotcom
NO COMMANDS
NO OUTPUT
Apache 2.4.26
CENTOS 7
LINODE
CAN LOGIN
USING CENTOS CWP CONTROL PANEL


#4

If you didn’t run a command, then how did you force renew the certificates?


#5

Control panel centos cwp. They all renewed, but https sites won’t respond after renewal.


#6

Not sure what the problem was… but it’s working now. DNS propagation? Network issues?

However 6 domains did not renew while 15 others did renew. Not sure why only some renewed.


#7

I don’t know if your control panel offers you logs from the commands that it ran behind the scenes, but it looks like it could be very helpful to find those logs if at all possible.


#8

How can I get the remaining 6 domains to renew? I tried certbot but got no such command message.


#9

It looks like the control panel you are using doesn’t use Certbot. This is okay, but you will probably need to ask in the support forums for the control panel you are using, as it’s very unlikely anyone here will be an expert in that system.


#10

Ok. Thanks. Still can’t figure out why some renewed. Maybe it’s a time restriction. Less than 10 days.


#11

I don’t know if this is related, but I’m trying to renew a cert (hmcinq.com) on Ubuntu 16.04 using certbot and get:

Processing /etc/letsencrypt/renewal/www.hmcinq.com.conf
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Attempting to renew cert from /etc/letsencrypt/renewal/www.hmcinq.com.conf produced an unexpected error: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45). Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.hmcinq.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

If I try just visiting https://acme-v01.api.letsncrypt.org/ in my web browser I get:

An error occurred while processing your request.
Reference #97.b7fd4317.1500325496.5831fed

If I test it in curl I get:

curl https://acme-v01.api.letsencrypt.org -I
HTTP/1.1 504 Gateway Time-out
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 176
Expires: Mon, 17 Jul 2017 21:11:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 17 Jul 2017 21:11:43 GMT
Connection: keep-alive

If I ping it, it seems up:

PING acme-v01.api.letsencrypt.org (184.86.144.61) 56(84) bytes of data.
64 bytes from acme-v01.api.letsencrypt.org (184.86.144.61): icmp_seq=1 ttl=55 time=38.2 ms
64 bytes from acme-v01.api.letsencrypt.org (184.86.144.61): icmp_seq=2 ttl=55 time=38.2 ms

Visiting status.letsencrypt.org does show the staging server is currently down, but claims acme-v01 is up?
Is it?


#12

Same here. acme-v01 returns 504.


#13

Ah, and now they’ve updated https://letsencrypt.status.io/ to show at least one of the live datacenters is down.


#14

Apparently there was a recent service outage which should now have ended.

