yeah, I’m fine and I am indeed looking forward to christmas - to get some internal administrative work done I work much more relaxed, knowing nobody will call
And you, are the grandchildren visiting?
I tried creating the LE cert again, but still get
ConnectionError: HTTPSConnectionPool(host=‘acme-v01.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(‘<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fcd0a00e890>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution’,))An unexpected error occurred:ConnectionError: HTTPSConnectionPool(host=‘acme-v01.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(‘<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fcd0a00e890>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution’,))
nslookup acme-v01.api.letsencrypt.org fails on some of our machines. Could there be some kind of host file or some redirect of this URL somewhere on those machines? I cannot think of any reason why only that URL fails and only on those machines.
Hi Michael
Sorry for the small delay. Under pressure to finish a lot of work before close of business Friday (most UK companies close then until the 3 Jan
I think it is your resolver, as you have it set to localhost, and therefore just rounds in circles as it were
If you try as follows
SSH into server
vi /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
save
As a test, here is mine
I hope that helps a little
Many thanks
John
nslookup acme-v01.api.letsencrypt.org
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer: acme-v01.api.letsencrypt.org canonical name = api.letsencrypt.org.edgekey.net. api.letsencrypt.org.edgekey.net canonical name = e981.dscb.akamaiedge.net.
Name: e981.dscb.akamaiedge.net
Address: 23.214.84.32
no worries, I am simply glad and thankful, that you always take the time to answer.
Using Google’s NS would help, but this defeats the purpose of the local resolver, i.e. the name resolution of internal domains, especially those just created.
So I was on the right track and you too, John. Nathan helped me and wrote “We’ve seen this before when only the local cache nameserver is in /etc/resolv.conf”. He simply added an external name server to /etc/resolv.conf, same as you suggested John.
I had two knots in my head, the first being that I can simply leave the local resolver in there, i.e.
nameserver 8.8.8.8
nameserver 127.0.0.1
An the second knot was, I had it somehow fixed in my head never to edit /etc/resolv.conf directly, but naturally this is only the fact on servers that use DHCP. And now I also know why some machines work and some don’t. Those working use DHCP and I prepend my own name servers via /etc/dhcp/dhclient-eth0.conf , which of course can’t work on machines with static IPs.
So, note to myself and other’s, who might need it:
If the server uses DHCP (i.e. BOOTPROTO=dhcp in /etc/sysconfig/network-scripts/ifcfg-eth0) you can add additional name servers via /etc/dhcp/dhclient-eth0.conf like this
Attention: They will be added to resolv.conf in reverse order after a reboot or after
service network restart
If the server uses a static IP (e.g. BOOTPROTO=none in /etc/sysconfig/network-scripts/ifcfg-eth0) you can add additional name servers directly via /etc/resolv.conf like Johnn described above
Thanks all for your help and I wish you, your loved ones, the whole IW team and everybody who reads this in time a very merry Christmas and a happy new year!
Hi Michael
Wow, Kudos to you and IW
Glad its now resolved and I hope you have and your loved ones a merry christmas and a very happy new year
Many thanks
John
I work much more relaxed, knowing nobody will call 