Cannot create/renew ACME certificate: "Cannot get ACME client get directory"

Hello everyone.

One of my domain's ACME certificates expired and I noticed I wasn't able to connect to my service anymore.

I took a look at the logs and it seems that this is the culprit:

cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get https://acme-v02.api.letsencrypt.org/directory: dial tcp 172.65.32.248:443: i/o timeout"

I want to note that I haven't changed my configuration.

This is my traefik.toml:

logLevel = "DEBUG"
# defaultEntryPoints must be at the top because it should not be in any table below
defaultEntryPoints = ["http", "https"]

[web]
# Port for the status page
address = ":8080"

# Entrypoints, http and https
[entryPoints]

# http should be redirected to https
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"

# https is the default
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]

# Enable ACME (Let's Encrypt): automatic SSL
[acme]
# caServer = "https://acme-staging.api.letsencrypt.org/directory"
email = "test@example.com"
storage = "/etc/traefik/acme/acme.json" # or "traefik/acme/account" if using KV store
entryPoint = "https"
OnHostRule = true
onDemand = false

[acme.httpChallenge]
entryPoint = "http"

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.com"
watch = true
exposedbydefault = false

I have also tried to use tlsChallenge to no avail. It seems that traefik's container is not able to connect to the internet for some reason.

Thank you very much!

Hi @peperunas, as you guessed, the Traefik container is not able to reach the internet. This problem is related to your infrastructure, not to Traefik, as the error message i/o timeout comes from your kernel (Traefik asked the kernel to establish a connection, and the kernel answered i/o timeout).

You need to provide more elements, as trying to analyze a partial configuration is not really doable :wink:
What is the "container" system you are using? On which kind of machine? With which OS? etc.
What does your network look like? Is there a proxy or a network firewall?

Some clues:

  • Try to restart the Docker Engine, which will reset any iptables rules (assuming you are using Docker on Linux)
  • Try to restart your whole machine
  • Try to disable (temporarily) the firewall of your machine to verify that it fixes the issue

Hope it helps
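
A staged connectivity check in the spirit of the clues above, as an added example that is not part of the original thread. Run from a container attached to the same Docker network as Traefik, it reports whether DNS, the TCP connect or the TLS handshake is the first step to fail against the ACME directory host; the function name `probe` and the 5-second timeout are assumptions.

```python
import socket
import ssl

ACME_HOST = "acme-v02.api.letsencrypt.org"  # directory host from the error message


def probe(host=ACME_HOST, port=443, timeout=5.0, tls=True):
    """Return (stage, detail): the first layer that failed, or 'ok'."""
    # Stage 1: name resolution. A failure here is a resolver problem, not a firewall.
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    addr = infos[0][4]  # (ip, port) of the first IPv4 result

    # Stage 2: TCP connect. This is the step that failed in the log line above.
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except socket.timeout:
        sock.close()
        # No SYN-ACK and no RST: packets are dropped (firewall, NAT or routing).
        return ("tcp", "timeout connecting to %s:%d" % addr)
    except ConnectionRefusedError:
        sock.close()
        # An RST came back: the path works, but nothing accepts on that port.
        return ("tcp", "refused by %s:%d" % addr)
    except OSError as exc:
        sock.close()
        return ("tcp", "%s (%s:%d)" % (exc.strerror or exc, addr[0], addr[1]))

    if not tls:
        sock.close()
        return ("ok", "tcp connect to %s:%d succeeded" % addr)

    # Stage 3: TLS handshake with certificate and hostname verification.
    try:
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
            return ("ok", "tls %s to %s:%d" % (tls_sock.version(), addr[0], addr[1]))
    except (ssl.SSLError, OSError) as exc:
        sock.close()
        return ("tls", str(exc))


if __name__ == "__main__":
    print(probe())
```

A `("tcp", "timeout ...")` result from several unrelated containers at once points at the host's Docker networking or firewall rules rather than at any single service.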

I had to reset all the docker networks to solve this problem. I noticed that every container on my system wasn't connected to the internet. I have no idea what could have caused this!

Thank you for your support!
