Trying to enable https with certbot

Help
1

I 'm trying to enable the https with the certbot.

I ran this command:
sudo certbot --nginx

It produced this output (part of it ):
requests.exceptions.ConnectionError: HTTPSConnectionPool(host=‘acme-staging-v02.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7ff40b4e0e80>: Failed to establish a new connection: [Errno 101] Network is unreachable’,))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 429, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1154, in renew_cert
le_client = _init_le_client(config, auth, installer)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 649, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 239, in init
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 50, in acme_from_config_key
return acme_client.BackwardsCompatibleClientV2(net, key, config.server)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 721, in init
directory = messages.Directory.from_json(net.get(server).json())
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1054, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1026, in _send_request
raise ValueError(“Requesting {0}{1}:{2}”.format(host, path, err_msg))
ValueError: Requesting acme-staging-v02.api.letsencrypt.org/directory: Network is unreachable

My web server is (include version):
Nginx

The operating system my web server runs on is (include version):
Debian 9 (VM)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes, ssh.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Certbot 0.25.0

This is not a problem with my network, when i make a request with python (requests.get) or curl/wget everything works fine.

2

Makes me immediately suspect that it is trying to go out via IPv6, but your machine lacks functional IPv6 networking.

Dual-stack behavior can vary depending on how the program is written.

I would first try to see where it is trying to connect. You can try a dummy invocation like:

sudo strace -fff -e trace=connect \
certbot certonly --standalone -d blablaexample.com -n --agree-tos \
--manual-public-ip-logging-ok --register-unsafely-without-email --staging \
2>&1 | grep "sin_port=htons(443)"

and see what IPs it spits out.

3

Hey, i used this command and this is the output i got:
connect(7, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("")}, 16) = 0
connect(7, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("")}, 16) = -1 EINPROGRESS (Operation now in progress)

I searched for some articles in the google and found that: when connection() function returns -1 means that my server is not listening in the 443 port ?

i make a `nmap <myhost>` and show that port 443 is open

    Host is up (0.011s latency).
    Not shown: 995 filtered ports
    PORT    STATE  SERVICE
    21/tcp  closed ftp
    22/tcp  open   ssh
    53/tcp  closed domain
    80/tcp  open   http
443/tcp open   https
Nmap done: 1 IP address (1 host up) scanned in 9.64 seconds
4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.