Unable to generate certificate

Hi there,

I am trying to generate a certificate for one of our clients but am getting the following error (full log generated by certbot):

--------------------- LOG START --------------------
2022-10-04 19:54:14,031:DEBUG:certbot._internal.main:certbot version: 1.30.0
2022-10-04 19:54:14,032:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2022-10-04 19:54:14,032:DEBUG:certbot._internal.main:Arguments: ['--webroot', '--webroot-path=/data/letsencrypt', '--cert-name', '<my-subdomain>', '-d', '<my-subdomain>']
2022-10-04 19:54:14,032:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-10-04 19:54:14,048:DEBUG:certbot._internal.log:Root logging level set at 30
2022-10-04 19:54:14,049:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2022-10-04 19:54:14,052:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7efec12cc970>
Prep: True
2022-10-04 19:54:14,052:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7efec12cc970> and installer None
2022-10-04 19:54:14,053:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2022-10-04 19:54:21,864:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-10-04 19:54:21,867:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2022-10-04 19:54:21,872:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 174, in _new_conn
    conn = connection.create_connection(
  File "/usr/local/lib/python3.8/site-packages/urllib3/util/connection.py", line 72, in create_connection
    for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
  File "/usr/local/lib/python3.8/socket.py", line 918, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name does not resolve
 
During handling of the above exception, another exception occurred:
 
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1042, in _validate_conn
    conn.connect()
 File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 358, in connect
    self.sock = conn = self._new_conn()
  File "/usr/local/lib/python3.8/site-packages/urllib3/connection.py", line 186, in _new_conn
    raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7efec14ac700>: Failed to establish a new connection: [Errno -2] Name does not resolve
 
During handling of the above exception, another exception occurred:
 
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 489, in send
    resp = conn.urlopen(
  File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 787, in urlopen
    retries = retries.increment(
  File "/usr/local/lib/python3.8/site-packages/urllib3/util/retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7efec14ac700>: Failed to establish a new connection: [Errno -2] Name does not resolve'))
 
During handling of the above exception, another exception occurred:
 
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot', 'console_scripts', 'certbot')())
  File "/opt/certbot/src/certbot/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1744, in main
    return config.func(config, plugins)
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1573, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 827, in _init_le_client
    acc, acme = _determine_account(config)
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 735, in _determine_account
    acc, acme = client.register(
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 216, in register
    acme = acme_from_config_key(config, key)
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 76, in acme_from_config_key
    client = acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/opt/certbot/src/acme/acme/client.py", line 891, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/opt/certbot/src/acme/acme/client.py", line 1256, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/opt/certbot/src/acme/acme/client.py", line 1194, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 565, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7efec14ac700>: Failed to establish a new connection: [Errno -2] Name does not resolve'))
2022-10-04 19:54:21,875:ERROR:certbot._internal.log:An unexpected error occurred:
2022-10-04 19:54:21,875:ERROR:certbot._internal.log:requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7efec14ac700>: Failed to establish a new connection: [Errno -2] Name does not resolve'))
--------------------- LOG END --------------------

This is the shell script I am using for generation:

--------------------- SCRIPT START --------------------
docker run -it --rm \
    -v /opt/common/nginx/ssl/certs:/etc/letsencrypt \
    -v /opt/common/nginx/ssl/certs-data:/data/letsencrypt \
    -v /opt/common/letsencrypt/log:/var/log/letsencrypt \
    certbot/certbot certonly \
    --webroot --webroot-path=/data/letsencrypt \
    --cert-name <my-subdomain> \
    -d <my-subdomain>
 
docker restart nginx
--------------------- SCRIPT END --------------------

The server where the script is being executed has access to https://acme-v02.api.letsencrypt.org.

According to https://letsdebug.net/, my subdomain is being reached.

I really need you guys' help on this.

Thank you


It looks like your Docker installation doesn't have functioning DNS.

To confirm this, you could try changing your command from:

docker run -it --rm

to

docker run --dns 1.1.1.1 -it --rm
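Added example, not from the thread or from certbot: a small Python triage helper that classifies the decisive error lines of a certbot log (the "Name does not resolve" chain above), repeats the same getaddrinfo lookup urllib3 performs, and injects the --dns override into the docker command. The signature table and advice strings are my own assumptions.

```python
import re
import socket

ACME_HOST = "acme-v02.api.letsencrypt.org"

# Error fragments certbot/urllib3 emit for common network failures (assumed table;
# the first entry is exactly what the log in this thread shows).
SIGNATURES = (
    ("dns", re.compile(r"Name does not resolve|Name or service not known|\[Errno -[23]\]")),
    ("refused", re.compile(r"\[Errno 111\]|Connection refused")),
    ("timeout", re.compile(r"\[Errno 110\]|timed out")),
)

ADVICE = {
    "dns": "container cannot resolve names: retry with 'docker run --dns 1.1.1.1 ...' "
           "or fix the Docker daemon's DNS configuration",
    "refused": "TCP connect refused: check outbound firewall or proxy rules for port 443",
    "timeout": "TCP connect timed out: check routing and egress from the Docker network",
}

def classify_certbot_log(lines):
    """Return the failure class ('dns', 'refused', 'timeout') or None if nothing matches."""
    for line in lines:
        for cause, pattern in SIGNATURES:
            if pattern.search(line):
                return cause
    return None

def check_resolution(host=ACME_HOST, port=443):
    """Run the lookup urllib3 does before connecting; (True, addresses) or (False, error text)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        return True, sorted({info[4][0] for info in infos})
    except socket.gaierror as exc:
        return False, str(exc)

def with_dns(docker_cmd, resolver="1.1.1.1"):
    """Insert '--dns <resolver>' directly after 'docker run'; leaves an existing --dns alone."""
    if "--dns" in docker_cmd:
        return docker_cmd
    return docker_cmd.replace("docker run", f"docker run --dns {resolver}", 1)

# Constructed sample: the two decisive lines from the log posted in this thread.
SAMPLE_LOG = [
    "2022-10-04 19:54:21,867:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443",
    "socket.gaierror: [Errno -2] Name does not resolve",
]

if __name__ == "__main__":
    cause = classify_certbot_log(SAMPLE_LOG)
    print(cause, "->", ADVICE.get(cause, "no known signature"))
    print("resolves from this host:", check_resolution())
    print(with_dns("docker run -it --rm certbot/certbot certonly"))
```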

Thank you so much @_az it worked!

Strangely, when I access another container on the same Docker instance (other than certbot/certbot) and ping "acme-v02.api.letsencrypt.org" it translates correctly, so I assumed my Docker DNS settings were working correctly and that was not the reason for the problem.

Since all containers use Docker's default DNS server, can you help me find a reasonable explanation for this behaviour?

Thank you


I'm not sure. Back when I had a Linux laptop with Docker, I'd occasionally observe the same thing on new containers. I'd have to restart the Docker daemon to get things going again. :person_shrugging:


Really strange then, since before I posted this topic I had already tried restarting Docker, to no avail.

Solved, thank you!

