DO - Unable to renew LetsEncrypt
I am trying to renew my SSL certificate (which expired last week) using Certbot.
raise ConnectionError(e, request=request) ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f55200944d0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',))
Also, if I do ping 8.8.8.8, it works. However, ping google.com, nothing comes up.
ping acme-v01.api.letsencrypt.org does not work. But ping 104.99.153.11 (this IP is returned for acme-v01 from another system) does respond.
I checked iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
How / what else do I need to check to find what is stopping my DO droplet from renewing?
Thanks!
Comments
Can you show the output of this command?
cat /etc/resolv.conf
Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 8.8.4.4
Resolv good.. Are you using IPv6 on your droplet?
I am really not sure. Any way to check that?
Might be worthwhile just to ask them if UDP is being blocked. Or you could use something like PacketSender to try to check if the VPS is receiving UDP via tcpdump.
It's unlikely a provider would block DNS requests to major resolvers.
OP: please check
ip -6 a
to see if there's anything that's not fe80.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::XX:XX::XXX:X:X/64 scope link
valid_lft forever preferred_lft forever
CentOS or Debian / Ubuntu?
If Debian / Ubuntu check /etc/gai.conf and uncomment the line:
This will disable the use of ipv6 and may help with your issues.
Cheers!
It's Ubuntu. After I make that change, will I need to restart any services or anything?
Did not work... Sigh..... Anything else I can try?
Same error:
produced an unexpected error: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f53cb3324d0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',)). Skipping
Have you tried to reboot the system? Also, do you have nslookup or dig around that you can use to test your DNS resolver? You can also try to set 1.1.1.1 as your resolver.
I guess DO's policy of "the whole DC worth of users in the same /64" finally starting to "pay off".
every problem on server always on users, except hardware and network.
Have you tried setting DNS to 1.0.0.1/1.1.1.1?
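The checks suggested in the thread (testing the resolver as with nslookup or dig, and finding out whether UDP is being blocked) can be combined into one probe. The following is an added example, not part of the original thread: it sends a hand-built DNS query straight to each nameserver listed in /etc/resolv.conf over both UDP and TCP port 53, so a failure can be pinned to the transport or the resolver rather than to Certbot. The function names and the query id are assumptions made for this sketch.

```python
import socket
import struct

QID = 0x1234  # constructed query id, matched against the reply

def build_query(name, qtype=1):
    """Minimal DNS query: one question, recursion desired, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return struct.pack(">HHHHHH", QID, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", qtype, 1)

def parse_header(resp):
    """Return (rcode, answer_count); raise ValueError if it is not our reply."""
    if len(resp) < 12:
        raise ValueError("short or empty reply")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    if rid != QID or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, answers

def nameservers(resolv_conf_text):
    """Addresses from the 'nameserver' lines of resolv.conf content."""
    rows = (line.split() for line in resolv_conf_text.splitlines())
    return [r[1] for r in rows if len(r) > 1 and r[0] == "nameserver"]

def probe(server, name="acme-v01.api.letsencrypt.org", tcp=False, timeout=3.0):
    """Ask one resolver directly on port 53 and return a status string."""
    query = build_query(name)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((server, 53))
            if tcp:  # DNS over TCP prefixes each message with a 2-byte length
                s.sendall(struct.pack(">H", len(query)) + query)
                with s.makefile("rb") as stream:
                    resp = stream.read(int.from_bytes(stream.read(2), "big"))
            else:
                s.send(query)
                resp = s.recv(4096)
        rcode, answers = parse_header(resp)
        return f"ok rcode={rcode} answers={answers}"
    except (OSError, ValueError) as exc:
        return f"FAILED ({exc})"

if __name__ == "__main__":
    with open("/etc/resolv.conf") as f:
        for ns in nameservers(f.read()):
            print(ns, "udp:", probe(ns), "tcp:", probe(ns, tcp=True))
```

Any "ok" line, whatever the rcode, shows that the path to that resolver works on that transport; "FAILED (timed out)" on UDP with "ok" on TCP points at UDP port 53 being dropped somewhere between the droplet and the resolver.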