Won't able to get certificates status

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
I ran this command:
certbot certificates --apache
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
OCSP check failed for /etc/letsencrypt/live/arch.xnat.vanderbilt.edu/cert.pem (are we offline?)
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 421, in _make_request
six.raise_from(e, None)
File "", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 416, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.8/http/client.py", line 1348, in getresponse
File "/usr/lib/python3.8/http/client.py", line 316, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.8/http/client.py", line 277, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/lib/python3.8/socket.py", line 669, in readinto
return self._sock.recv_into(b)
TimeoutError: [Errno 110] Connection timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 400, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3/dist-packages/six.py", line 703, in reraise
raise value
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 423, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 347, in _raise_timeout
raise ReadTimeoutError(
urllib3.exceptions.ReadTimeoutError: HTTPConnectionPool(host='r3.o.lencr.org', port=80): Read timed out. (read timeout=None)

My web server is (include version):
chrome 114
The operating system my web server runs on is (include version):
ubuntu 20
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

Please uninstall that old version and follow the recommended installation:
Certbot Instructions | Certbot (eff.org)


Well, that might help some things, but in this case

Makes me think that the issue is just that the server doesn't have outbound Internet access.


Make sense, so I need to let IT to allow outbound internet access to host='r3.o.lencr.org', port=80?

Btw, if I reinstall the certbot, will this affect the current certs?

Well, for now, but that URL is likely to change in the future as Let's Encrypt uses different intermediates. How much do you need to lock down outbound access? Can you allow it to anything within the lencr.org and letsencrypt.org domains?

As long as /etc/letsencrypt is still there, you should be able to install and reinstall certbot as much as you want.


After I update the certbot, it works. Thank you.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.