ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Connection refused

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: 900730.xyz

I ran this command: Add SSL Certificate

It produced this output:
stdout: [4/15/2024] [3:34:28 AM] [Global ] › :information_source: info Using Sqlite: /data/database.sqlite
stdout: [4/15/2024] [3:34:32 AM] [Migrate ] › :information_source: info Current database version: none
stdout: [4/15/2024] [3:34:32 AM] [Setup ] › :information_source: info Logrotate Timer initialized
stdout: [4/15/2024] [3:34:32 AM] [Global ] › ⬤ debug CMD: logrotate /etc/logrotate.d/nginx-proxy-manager
stdout: [4/15/2024] [3:34:32 AM] [Setup ] › :information_source: info Logrotate completed.
stdout: [4/15/2024] [3:34:32 AM] [IP Ranges] › :information_source: info Fetching IP Ranges from online services...
stdout: [4/15/2024] [3:34:32 AM] [IP Ranges] › :information_source: info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
stdout: [4/15/2024] [3:34:32 AM] [IP Ranges] › :heavy_multiplication_x: error
stdout: [4/15/2024] [3:34:32 AM] [SSL ] › :information_source: info Let's Encrypt Renewal Timer initialized
stdout: [4/15/2024] [3:34:32 AM] [SSL ] › :information_source: info Renewing SSL certs expiring within 30 days ...
stdout: [4/15/2024] [3:34:32 AM] [IP Ranges] › :information_source: info IP Ranges Renewal Timer initialized
stdout: [4/15/2024] [3:34:32 AM] [Global ] › :information_source: info Backend PID 150 listening on port 3000 ...
stdout: [4/15/2024] [3:34:32 AM] [SSL ] › :information_source: info Completed SSL cert renew process
stdout: [4/15/2024] [3:36:19 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;"
stdout: [4/15/2024] [3:36:19 AM] [Nginx ] › :information_source: info Reloading Nginx
stdout: [4/15/2024] [3:36:19 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -s reload
stdout: [4/15/2024] [3:36:19 AM] [Certbot ] › :arrow_forward: start Installing cloudflare...
stdout: [4/15/2024] [3:36:19 AM] [Global ] › ⬤ debug CMD: . /opt/certbot/bin/activate && pip install --no-cache-dir cloudflare acme==$(certbot --version | grep -Eo '0-9+') certbot-dns-cloudflare==$(certbot --version | grep -Eo '0-9+') && deactivate
stdout: [4/15/2024] [3:36:23 AM] [Certbot ] › ☒ complete Installed cloudflare
stdout: [4/15/2024] [3:36:23 AM] [SSL ] › :information_source: info Requesting Let'sEncrypt certificates via Cloudflare for Cert #14: 900730.xyz
stdout: [4/15/2024] [3:36:23 AM] [SSL ] › :information_source: info Command: mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo '# Cloudflare API token
stdout: dns_cloudflare_api_token = NY52gAcCGRlgUvTDkqka5xBpEs86kaL7gMqvJ0zA' > '/etc/letsencrypt/credentials/credentials-14' && chmod 600 '/etc/letsencrypt/credentials/credentials-14' && && certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-14" --agree-tos --email "shenpvip@gmail.com" --domains "900730.xyz" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-14"
stdout: [4/15/2024] [3:36:23 AM] [Global ] › ⬤ debug CMD: mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo '# Cloudflare API token
stdout: dns_cloudflare_api_token = NY52gAcCGRlgUvTDkqka5xBpEs86kaL7gMqvJ0zA' > '/etc/letsencrypt/credentials/credentials-14' && chmod 600 '/etc/letsencrypt/credentials/credentials-14'
stdout: [4/15/2024] [3:36:23 AM] [Global ] › ⬤ debug CMD: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-14" --agree-tos --email "shenpvip@gmail.com" --domains "900730.xyz" --authenticator dns-cloudflare --dns-cloudflare-credentials "/etc/letsencrypt/credentials/credentials-14"
stdout: [4/15/2024] [3:36:24 AM] [Global ] › ⬤ debug CMD: rm -f '/etc/letsencrypt/credentials/credentials-14' || true
stdout: [4/15/2024] [3:36:24 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;"
stdout: [4/15/2024] [3:36:24 AM] [Nginx ] › :information_source: info Reloading Nginx
stdout: [4/15/2024] [3:36:24 AM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -s reload
stdout: [4/15/2024] [3:36:25 AM] [Express ] › :warning: warning Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
stdout: An unexpected error occurred:
stdout: ValueError: Requesting acme-v02.api.letsencrypt.org/directory: Connection refused
stdout: Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
stdout:

My web server is (include version): old laptop

The operating system my web server runs on is (include version): win10 hyper-v iStoreOS

My hosting provider, if applicable, is: cloudlfare

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
iStoreOS
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

image

2

Hi @shenpvip, and welcome to the LE community forum :slight_smile:

I'd start by checking the outbound firewall rules.

2 Likes
3

image
image715×99 75.6 KB

Is that so?

4

That looks fine.

Since this is running inside a Windows VM, are you sure Windows is allowing it access to the Internet?
What does the Windows firewall look like?
What does the routing in the Windows host look like?

2 Likes
5

image
I have enabled all services related to Hyper-V.
How can one access the routing information in Windows?

6

I endeavored to disable the Windows Firewall, yet the same error persists.

7

netstat -nr

2 Likes
8

within the istoreos, what shows?:
curl -4 ifconfig.me

2 Likes
9

image
ipv4

10

image
ipv6

11

image

13

hmm...
within the istoreos, what shows?:
curl -6 ifconfig.me
curl -4 http://acme-v02.api.letsencrypt.org/directory
curl -6 http://acme-v02.api.letsencrypt.org/directory
curl -4 https://acme-v02.api.letsencrypt.org/directory
curl -6 https://acme-v02.api.letsencrypt.org/directory

2 Likes
14

image

15

It looks like although istoreos has IPv6 enabled and prefers it, the IPv6 path is not configured for it [it is unusable].

You can either:

Then there is also a problem reaching the LE API endpoint.
What shows?:
curl -4 www.google.com

3 Likes
17

Sorry, I posted HTTP links and they should have been HTTPS links.

What shows?:
curl -4 https://acme-v02.api.letsencrypt.org/directory
curl -6 https://acme-v02.api.letsencrypt.org/directory

[previous post was updated]

3 Likes
18

image
image803×326 91.8 KB

I turned off ipv6

1 Like
19

That looks better.
Try again to get a cert now.

2 Likes
20

The error remains unchanged despite this action.
image

21

This error is not visible in the picture.
Please show more of that error message OR copy/paste the text.
The previous message showed "connection refused".

2 Likes
22

The error remains consistent with the description in my original statement.