Timeout error when trying to renew certificates


#1

My domain is: leagueofgraphs.com (and porofessor.gg. Both are on the same server. But it wasn’t a problem for letsencrypt before)

I ran this command: /usr/bin/letsencrypt renew

It produced this output:
Processing /etc/letsencrypt/renewal/leagueofgraphs.com.conf
2018-05-15 19:43:04,879:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/leagueofgraphs.com.conf produced an unexpected error: Failed authorization procedure. www.leagueofgraphs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout after connect (your server may be slow or overloaded), leagueofgraphs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout after connect (your server may be slow or overloaded). Skipping.
Processing /etc/letsencrypt/renewal/porofessor.gg.conf
2018-05-15 19:43:22,947:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/porofessor.gg.conf produced an unexpected error: Failed authorization procedure. porofessor.gg (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout after connect (your server may be slow or overloaded). Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/leagueofgraphs.com/fullchain.pem (failure)
/etc/letsencrypt/live/porofessor.gg/fullchain.pem (failure)
2 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: porofessor.gg
    Type: connection
    Detail: Timeout after connect (your server may be slow or
    overloaded)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

  • The following errors were reported by the server:

    Domain: www.leagueofgraphs.com
    Type: connection
    Detail: Timeout after connect (your server may be slow or
    overloaded)

    Domain: leagueofgraphs.com
    Type: connection
    Detail: Timeout after connect (your server may be slow or
    overloaded)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is: Apache 2.4

The operating system my web server runs on is: Ubuntu 16.04.3

I can login to a root shell on my machine (yes or no, or I don’t know): yes (I launched the command as root)

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I’ve tried without any iptables rules to make sure it was not blocking anything… It wasn’t.

Thanks for your help guys.


#2

Hi @trebonius,

Hmmm, those services look OK to me.

Could you try again? If you still have trouble, we could try to get some Let’s Encrypt ops people to see if there might be a routing or firewall problem.

I’m assuming you don’t have any geographic IP blocking installed anywhere in your environment?


#3

I tried again.
It worked for porofessor.gg and, after a few attempts, it worked for porofessor.gg but not for leagueofgraphs.com

And now it seems I’m rate limited :confused:
2018-05-15 20:01:50,107:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/leagueofgraphs.com.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.

And no, I don’t have any geographic IP blocking.


#4

That rate limit will expire after an hour. I’m not sure what could be causing the timeout errors!


#5

After trying again, the certificate was properly renewed for leagueofgraphs too.

Not sure what happened.

Thanks for your help :slight_smile:


#6

Maybe there was an ephemeral spike in traffic at your ISP or at some ISP in between, for example due to a denial of service attack or some particular user activity?

I’m glad it eventually started working again!
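
An added example, not part of any post in this thread and not Certbot code: a small parser for the WARNING lines quoted in posts #1 and #3 that groups failures by certificate lineage and ACME error type and computes when the next attempt makes sense, so repeated manual retries do not run into the rateLimited error from post #3. The one-hour wait is the figure given in reply #4; the 10-minute pause after a connection timeout and all function names are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from posts #1 and #3 of this thread.
SAMPLE_LOG = "\n".join([
    "2018-05-15 19:43:04,879:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/leagueofgraphs.com.conf produced an unexpected error: Failed authorization procedure. www.leagueofgraphs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout after connect (your server may be slow or overloaded), leagueofgraphs.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout after connect (your server may be slow or overloaded). Skipping.",
    "2018-05-15 19:43:22,947:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/porofessor.gg.conf produced an unexpected error: Failed authorization procedure. porofessor.gg (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout after connect (your server may be slow or overloaded). Skipping.",
    "2018-05-15 20:01:50,107:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/leagueofgraphs.com.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.",
])

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+:WARNING:letsencrypt\.cli:Attempting to renew "
    r"cert from \S*/(?P<lineage>[^/\s]+)\.conf produced an unexpected error: (?P<msg>.*)$")
# "<domain> (<challenge>): urn:acme:error:<type>", printed once per failed authorization
AUTHZ_RE = re.compile(r"(\S+) \(([\w-]+)\): urn:acme:error:(\w+)")
ERROR_RE = re.compile(r"urn:acme:error:(\w+)")

# Wait before the next attempt. One hour for rateLimited is the figure from reply #4;
# the 10-minute values are assumptions of this example.
WAIT = {"rateLimited": timedelta(hours=1), "connection": timedelta(minutes=10)}
DEFAULT_WAIT = timedelta(minutes=10)

def parse_failures(log_text):
    """Return one record per failed renewal: time, lineage, error types, per-domain detail."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a renewal-failure line
        records.append({
            "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "lineage": m["lineage"],
            "errors": sorted(set(ERROR_RE.findall(m["msg"]))),
            "authz": AUTHZ_RE.findall(m["msg"]),  # (domain, challenge, error type)
        })
    return records

def earliest_retry(records):
    """Map each lineage to the earliest time a new renewal attempt makes sense."""
    retry = {}
    for r in records:
        wait = max((WAIT.get(e, DEFAULT_WAIT) for e in r["errors"]), default=DEFAULT_WAIT)
        retry[r["lineage"]] = max(retry.get(r["lineage"], datetime.min), r["time"] + wait)
    return retry

if __name__ == "__main__":
    print(earliest_retry(parse_failures(SAMPLE_LOG)))
```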