An unexpected error occurred

My domain is: home.rogersoft.nl

I ran this command: certbot certonly --webroot

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes):

Hi, I got this message:
An unexpected error occurred:
requests.exceptions.ConnectionError:
HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443):
Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x048C6B20>:
Failed to establish a new connection: [WinError 10060]

Using Let's Debug yields these results https://letsdebug.net/home.rogersoft.nl/1418870

ANotWorking
Error
home.rogersoft.nl has an A (IPv4) record (83.87.74.223) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with home.rogersoft.nl/83.87.74.223: Get "http://home.rogersoft.nl/.well-known/acme-challenge/letsdebug-test": context deadline exceeded

Trace:
@0ms: Making a request to http://home.rogersoft.nl/.well-known/acme-challenge/letsdebug-test (using initial IP 83.87.74.223)
@0ms: Dialing 83.87.74.223
@10000ms: Experienced error: context deadline exceeded 
IssueFromLetsEncrypt
Error
A test authorization for home.rogersoft.nl to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
83.87.74.223: Fetching http://home.rogersoft.nl/.well-known/acme-challenge/SVPFl_hw665AVnkKBLp1ZPJe2eO9upT5i_AFS5ir6CM: Timeout during connect (likely firewall problem) 

The HTTP-01 challenge of the Challenge Types - Let's Encrypt requires Port 80 to be Open.
Best Practice - Keep Port 80 Open

1 Like

What version of Windows are you running?

That looks like you can't make a connection from your Windows system to the Let's Encrypt servers.

Are you able to make connections to other domain names - like google?

3 Likes

And nmap -Pn is showing no open ports, at least for IPv4 addresses.

$ nmap -Pn home.rogersoft.nl
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-23 16:52 UTC
Nmap scan report for home.rogersoft.nl (83.87.74.223)
Host is up.
rDNS record for 83.87.74.223: 83-87-74-223.cable.dynamic.v4.ziggo.nl
All 1000 scanned ports on home.rogersoft.nl (83.87.74.223) are filtered

Nmap done: 1 IP address (1 host up) scanned in 202.07 seconds
1 Like

From this Help Topic of the OP, "Problem certbot on win 11"; looks like Windows 11.
(even has the same IPv4 Address)

2 Likes

Maybe your ISP has started blocking your port 80 [again].

3 Likes

In that case, what does this show?

curl google.com

3 Likes

That wouldn't affect outgoing HTTPS connections.

4 Likes

So true.
Not sure what I was looking at...
:face_with_spiral_eyes:

3 Likes

Hi all,
I did a check-up with www.grc.com, ShieldsUP port checker.
And yes indeed my ISP.
Indeed, it blocked the ports again.
Very annoying because it's the only one in my neighborhood with fast internet.
And they can remotely adjust my modem whenever they want.
Their help desk doesn't answer, or even give a reason why.
So I can only hope that another provider will soon install their fiber optic cable network.
Thanks for the quick responses.

2 Likes

Maybe their modem can be set to "bridge mode".
If so, maybe then you can use your own router to NAT/Port Forward.
[without them blocking you - maybe]

Yes, I said "maybe" three times on purpose.
It is a big "maybe", but worth trying [or, at least, asking your ISP about that solution/workaround].

2 Likes
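
The thread separates two failures: certbot's outbound connection to the ACME directory (WinError 10060) and the inbound port 80 check that Let's Debug and nmap reported as timed out or filtered. The following Python is an added example, not code from any poster or from certbot; it classifies a single TCP connect attempt so each leg can be tested on its own. The names `probe` and `main` are assumptions of this example, and the inbound result is only meaningful when the script is run from a machine outside the home network.

```python
import socket
import sys

# Directory host taken from the certbot error message in the first post.
ACME_HOST = "acme-v02.api.letsencrypt.org"


def probe(host, port, timeout=10.0):
    """Attempt one TCP connect and classify the outcome.

    open        - the handshake completed
    closed      - the peer refused (host reachable, nothing listening)
    filtered    - no answer before the timeout, i.e. packets dropped on the
                  path; this is what WinError 10060 and nmap "filtered" mean
    dns-failure - the name did not resolve
    error       - any other OS-level failure (e.g. network unreachable)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "error"


def main(argv):
    # Outbound leg: certbot must reach the ACME directory over HTTPS (443).
    print(f"outbound {ACME_HOST}:443 -> {probe(ACME_HOST, 443)}")
    # Inbound leg: HTTP-01 validation connects to port 80 of the domain.
    # Pass the domain as an argument and run this from an outside network;
    # a probe from behind the same router does not exercise the ISP's filter.
    for host in argv[1:]:
        print(f"inbound  {host}:80 -> {probe(host, 80)}")


if __name__ == "__main__":
    main(sys.argv)
```

A "filtered" result on the inbound leg with an "open" result on the outbound leg matches the situation the original poster ended up confirming: port 80 blocked upstream while outgoing HTTPS is unaffected.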
