Unable to renew cert

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:portal.ieol.com.my

I ran this command:./letsencrypt-auto renew

It produced this output:
WARNING: unable to check for updates.
/opt/eff.org/certbot/venv/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python versio. Please upgrade to a release (2.7.7+) that supports hmac.compare_digest as soon as possible.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/portal.ieol.com.my.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Attempting to renew cert (portal.ieol.com.my) from /etc/letsencrypt/renewal/portal.ieol.com.my.conf produced an unexpected error: HTTPSConnectionPool(host=‘acme-v02.apiry (Caused by NewConnectionError(’<urllib3.connection.VerifiedHTTPSConnection object at 0x2f26050>: Failed to establish a new connection: [Errno -2] Name or service not
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/portal.ieol.com.my/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/portal.ieol.com.my/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

My web server is (include version):

The operating system my web server runs on is (include version):centos61

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


Can you try to manually check if api endpoint is accessible from your machine?
Try dig acme-v02.api.letsencrypt.org and curl https://acme-v02.api.letsencrypt.org/directory

Also, your Python version is being depreciated, could you please consider upgrade to a newer version? (Like Python3)

Thank you

1 Like

Thanks Stevenzhu… below are the output… we have been renewing the cert every 3 months without problem since few years back

[root@centos61 ~]# dig acme-v02.api.letsencrypt.org

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> acme-v02.api.letsencrypt.org
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@centos61 ~]# curl https://acme-v02.api.letsencrypt.org/directory
curl: (6) Couldn’t resolve host ‘acme-v02.api.letsencrypt.org
[root@centos61 ~]#


The output you provided means you’ve got a network issue, since dig can’t even reach DNS servers.
Please contact your IT department and try to resolve this.

P.S. The error message certbot-auto provided means there’s some issue with your internet, so they can’t reach the api endpoint.

Thank you

Hi Stevenzhu ,

I have checked with our network. We can ping and google.com. Look like there is no issue with the network.



In this case, can you try to run dig Google.com and the command I had requested before?


Hi Stevenzhe,

No luck

; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>> www.google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@centos61 certbot]# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=56 time=21.5 ms
64 bytes from icmp_seq=2 ttl=56 time=21.6 ms
64 bytes from icmp_seq=3 ttl=56 time=21.7 ms
— ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2307ms
rtt min/avg/max/mdev = 21.531/21.632/21.767/0.196 ms

Is curl google.com also failed?
Have you checked your resolv.conf file? I messed up my server once by setting an incorrect entry…

You can try this, but please do make backup and know what you are doing before executing any commands: https://serverfault.com/questions/335359/how-is-it-possible-that-i-can-do-a-host-lookup-but-not-a-curl

1 Like

Thanks Stevenzhu,

It works after I changed nameserver to in resolv.conf.

Thanks again


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.