DO - Unable to renew LetsEncrypt

plumberg Member

I am trying to renew my SSL certificate (which expired last week) using Certbot:

raise ConnectionError(e, request=request)
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f55200944d0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',))

Also, if I do ping 8.8.8.8, it works. However, with ping google.com, nothing comes up.

ping acme-v01.api.letsencrypt.org does not work. But ping 104.99.153.11 (this IP is returned for acme-v01 from another system) responds.

I checked iptables -L:

Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

How/what else do I need to check to find what is stopping my DO droplet from renewing?

Thanks!

Comments

  • PremiumFast_Net Member, Provider

    Can you show the output of this command?

    cat /etc/resolv.conf

  • plumberg Member

    @PremiumFast_Net said:
    Can you show the output of this command?

    cat /etc/resolv.conf

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

    nameserver 8.8.8.8
    nameserver 8.8.4.4

  • PremiumFast_Net Member, Provider

    Resolv good. Are you using IPv6 on your droplet?

  • plumberg Member

    @PremiumFast_Net said:
    Resolv good. Are you using IPv6 on your droplet?

    I am really not sure. Any way to check that?

  • MikeA Member, Provider

    Might be worthwhile just to ask them if UDP is being blocked. Or you could use something like PacketSender to try to check if the VPS is receiving UDP via tcpdump.


  • msg7086 Member

    It's unlikely a provider would block DNS requests to major resolvers.

    OP: please check ip -6 a to see if there's anything that's not fe80.

  • plumberg Member

    @msg7086 said:
    It's unlikely a provider would block DNS requests to major resolvers.

    OP: please check ip -6 a to see if there's anything that's not fe80.

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::XX:XX::XXX:X:X/64 scope link
    valid_lft forever preferred_lft forever

  • TheLinuxBug Member
    edited June 13

    CentOS or Debian / Ubuntu?

    If Debian / Ubuntu check /etc/gai.conf and uncomment the line:

    #precedence ::ffff:0:0/96 100

    This will disable the use of ipv6 and may help with your issues.

    Cheers!


  • plumberg Member

    @TheLinuxBug said:
    CentOS or Debian / Ubuntu?

    If Debian / Ubuntu check /etc/gai.conf and uncomment the line:

    #precedence ::ffff:0:0/96 100

    This will disable the use of ipv6 and may help with your issues.

    Cheers!

    It's Ubuntu. After I make that change, will I need to restart any services or anything?

  • plumberg Member

    @TheLinuxBug said:
    CentOS or Debian / Ubuntu?

    If Debian / Ubuntu check /etc/gai.conf and uncomment the line:

    #precedence ::ffff:0:0/96 100

    This will disable the use of ipv6 and may help with your issues.

    Cheers!

    Did not work... Sigh..... Anything else I can try?

    Same error:
    produced an unexpected error: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f53cb3324d0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',)). Skipping

  • msg7086 Member

    Have you tried to reboot the system? Also do you have nslookup or dig around that you can use to test your dns resolver? You can also try to set 1.1.1.1 as your resolver.
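
An added example, not part of any post in this thread: a Python 3 check that queries each resolver listed in /etc/resolv.conf directly over UDP port 53, so a silent timeout (UDP filtered or resolver unreachable) can be told apart from a resolver that answers with an error. The function names and the sample resolv.conf string are made up for this example; the hostname is the one from the Certbot error above.

```python
import secrets, socket, struct

# Constructed sample matching the resolv.conf entries posted in the thread.
SAMPLE_RESOLV_CONF = "# generated by resolvconf(8)\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n"

def nameservers(text):
    """Resolver addresses from resolv.conf text, comments ignored."""
    fields = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def build_query(name, txid):
    """Minimal DNS query: one question, type A, class IN, recursion desired."""
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify_reply(reply, txid):
    """Return (status, answer_count) for a raw DNS reply."""
    if len(reply) < 12:
        return ("malformed", 0)
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:      # wrong ID or QR bit not set
        return ("mismatch", 0)
    rcode = flags & 0x000F
    status = {0: "ok", 2: "servfail", 3: "nxdomain", 5: "refused"}
    return (status.get(rcode, "rcode-%d" % rcode), answers)

def probe(server, name, timeout=3.0):
    """Ask one resolver directly over UDP/53, bypassing the libc resolver."""
    txid = secrets.randbits(16)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, 53))
            reply, _addr = s.recvfrom(4096)
        except socket.timeout:
            return ("timeout", 0)              # nothing came back on UDP/53
        except OSError as exc:
            return ("error: %s" % exc, 0)      # e.g. network unreachable
    return classify_reply(reply, txid)

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for ns in nameservers(fh.read()):
            print(ns, probe(ns, "acme-v01.api.letsencrypt.org"))
```

A "timeout" for every listed resolver while ping 8.8.8.8 still works points at UDP/53 being dropped somewhere on the path; "ok" from the resolvers with Certbot still failing points at the local resolver configuration instead.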

  • rm_ Member

    I guess DO's policy of "the whole DC worth of users in the same /64" is finally starting to "pay off".

    Don't worry 144 ms is fine for Heavy monsoon

  • every problem on server always on users, except hardware and network.

    Have you tried setting DNS to 1.0.0.1/1.1.1.1?
