SSL renew issue

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://apis.ideationtec.com/

I ran this command: sudo certbot renew

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/apis.ideationtec.com.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Failed to renew certificate apis.ideationtec.com with error: ('Connection aborted.', error(101, 'Network is unreachable'))

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
** /etc/letsencrypt/live/apis.ideationtec.com/fullchain.pem (failure)**
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

My web server is (include version): apache2

The operating system my web server runs on is (include version): centos 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Show me the output of

curl -vvv https://acme-v02.api.letsencrypt.org/directory

1 Like

[root@apis ~]# curl -v https://acme-v02.api.letsencrypt.org/directory

Are you sure your server is online?

It smells like network misconfiguration or overzealous firewall.

1 Like

Try curl -v4 https://acme-v02.api.letsencrypt.org/directory, might be an IPv6 issue.

1 Like

It looks like it's both

1 Like

yes server is online ping is working traceroute is attached.

82.178.159.61 isn't Let's Encrypt. It belongs to some ISP from Oman.

Try:

traceroute --icmp acme-v02.api.letsencrypt.org

traceroute --tcp acme-v02.api.letsencrypt.org (this might need sudo)

2 Likes

True true. I see it now. Although the errors are different.

3 Likes