Unable to install certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

snap install --classic certbot

It produced this output:

snap install --classic certbot

error: cannot install "certbot": Post "https://api.snapcraft.io/v2/snaps/refresh": dial tcp: lookup
api.snapcraft.io on [::1]:53: read udp [::1]:57459->[::1]:53: read: connection refused

My web server is (include version):

The operating system my web server runs on is (include version): RHEL 7.9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NA

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Welcome @Mansi

That looks like your system is not resolving DNS queries. What happens with this

curl -I http://google.com 

I cannot resolve google but able to do it for my URL. This system is not internet facing.

[root@mummyspdsrv01 ~]# curl -I http://google.com
curl: (6) Could not resolve host: google.com; Unknown error

[root@mummyspdsrv01 ~]# curl -I https://mumbai.myspeed.vodafoneidea.com/
HTTP/1.1 200 OK
Date: Wed, 03 Jan 2024 04:00:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Last-Modified: Fri, 14 Jul 2023 10:47:00 GMT
ETag: "1964-600702b200c0c"
Accept-Ranges: bytes
Content-Length: 6500
Content-Type: text/html; charset=UTF-8

You have new mail in /var/spool/mail/root

Can I install certbot from the OS repository? Would there be any difference in function?

Certbot needs to use the public internet to reach the Let's Encrypt API to request a certificate. You must have at least outbound access to use Let's Encrypt certs.

There are ways to get certs for servers running on private networks. But, LE is not one of them.

An inbound connection to your server is also often used. But, is not required. You could use a DNS Challenge. But, an outbound connection is still necessary to make the initial cert request from your system.


Do you own that domain name? What do you mean by "not internet facing"?


I do have a proxy server that enables me to get latest server patches from Redhat.
Can I use it in any way?

The Mgmt IP does not has direct internet access (from where I login to the server) but we have Natted IP enabled from firewall end that allows internet access (only for Application purpose).

But to install Centbot or further certificate generation I cannot use internet directly. We do have a proxy server in between our server and firewall (physical).

You will get an older version. It should work fine.


ok, let me try installing it from the OS repo.

You obviously would also need an internet connection for installing using the OS repo and beyond that, as mentioned already, also for actually using Certbot.

Note that to get a certificate, one or more challenges need to be validated, which would require either incoming access to port 80 or port 443 or controle over the DNS zone of your domain name.


I have proxy server that helps me with the repository. I was able to install Python2 and Certbot.

# rpm -qa certbot

Port 443 opened for http service.

Listen 443 https

You may also need to instruct certbot to use the proxy server to reach LE.
[not sure if/how that can/would be done]


Can you guide me where exactly I can add the proxy details for it to use in http?

Sorry, I don't know of any way of forcing certbot to use a proxy.


Python 2? :scream:

We're at Python 3 for quite some time already, Python 2 is ancient.

Not in Certbot directly, but it should use the common proxy environment variables.


Actually certbot had a dependency to install python2...so accordingly I installed python2 on the system.

Wow... Ok...


Yup... Ancient!


I used the command to generate the certificate but getting below error. The service is actually running on http and not apache. Is there a separate command for http?

# systemctl status httpd.service

● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2023-11-07 19:33:32 IST; 1 months 26 days ago
     Docs: man:httpd(8)
 Main PID: 1433 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           β”œβ”€ 1433 /usr/sbin/httpd -DFOREGROUND
           β”œβ”€ 3976 /usr/sbin/httpd -DFOREGROUND
           β”œβ”€ 6059 /usr/sbin/httpd -DFOREGROUND
           β”œβ”€ 6073 /usr/sbin/httpd -DFOREGROUND
           β”œβ”€ 8582 /usr/sbin/httpd -DFOREGROUND

# certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested apache plugin does not appear to be installed
You have mail in /var/spool/mail/root

# cat /var/log/letsencrypt/letsencrypt.log

2024-01-03 19:00:40,587:DEBUG:certbot._internal.main:certbot version: 1.11.0
2024-01-03 19:00:40,587:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/certbot
2024-01-03 19:00:40,587:DEBUG:certbot._internal.main:Arguments: ['--apache']
2024-01-03 19:00:40,587:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-01-03 19:00:40,611:DEBUG:certbot._internal.log:Root logging level set at 20
2024-01-03 19:00:40,611:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2024-01-03 19:00:40,612:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2024-01-03 19:00:40,612:DEBUG:certbot._internal.plugins.selection:No candidate plugin
2024-01-03 19:00:40,612:DEBUG:certbot._internal.plugins.selection:Selected authenticator None and installer None