Another: Timeout during connect (likely firewall problem)

Hi all, apologies in advance for opening yet another thread. But I’m getting this (new) error now.
I’m also keen to restart the certificate procedure from scratch as well (I don’t know how) in order to automate the renewal, as I wasn’t able the first time and I have to do it manually every three months, but every time I generate a new problem.

Thanks,
emilio

My domain is:
emiliovanni.com

I ran this command:
sudo /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

It produced this output:
Unmonitored apache

Syntax OK

/opt/bitnami/apache2/scripts/ctl.sh : httpd stopped

2020/07/11 10:32:17 [INFO] [emiliovanni.com] acme: Trying renewal with -383 hours remaining

2020/07/11 10:32:17 [INFO] [emiliovanni.com, www.emiliovanni.com, private.emiliovanni.com] acme: Obtaining bundled SAN certificate

2020/07/11 10:32:18 [INFO] [emiliovanni.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5584145908

2020/07/11 10:32:18 [INFO] [private.emiliovanni.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5808865123

2020/07/11 10:32:18 [INFO] [www.emiliovanni.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5808901726

2020/07/11 10:32:18 [INFO] [emiliovanni.com] acme: authorization already valid; skipping challenge

2020/07/11 10:32:18 [INFO] [www.emiliovanni.com] acme: authorization already valid; skipping challenge

2020/07/11 10:32:18 [INFO] [private.emiliovanni.com] acme: use tls-alpn-01 solver

2020/07/11 10:32:18 [INFO] [private.emiliovanni.com] acme: Trying to solve TLS-ALPN-01

2020/07/11 10:32:40 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5584145908

2020/07/11 10:32:41 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5808865123

2020/07/11 10:32:41 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5808901726

2020/07/11 10:32:41 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5808901726

2020/07/11 10:32:41 acme: Error -> One or more domains had a problem:

[private.emiliovanni.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url: 

Syntax OK

/opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80

My web server is (include version):
Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version):

Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial

My hosting provider, if applicable, is:
AWS, lightsail instance, bitnami stack

I can login to a root shell on my machine :
Yes I can.
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No, doing everything by terminal and AWS web admin (for DNS, etc).

The version of my client is:
certbot 0.31.0

This domain points to AWS S3 website hosting, rather than to your Ubuntu server.

How have you got your server configured to obtain a certificate for a domain hosted on S3?

Do you need a certificate for that domain on your Ubuntu server, at all?

Hi _az, yes, that is an S3 bucket (I migrated my setup from dreamhost and that was a subdomain I only used to share and host stuff ‘a la dropbox’).

I do load assets from that bucket into the main site, and some others, and I was getting errors as the connection wasn’t secure for private.emiliovanni.com

I’ll try removing it from the setup and run the script again.

Quick update. I managed to set it up again doing it manually, following the guide here: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#alternative-approach

I’d like to be able to automate the script, but I’m pretty sure my setup is misconfigured (see the S3 pointing domain in there).
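
An added example, not part of the original thread and not Bitnami's or Let's Encrypt's code: a pre-flight check an automated renewal could run so that a name pointing somewhere other than this server (as private.emiliovanni.com does here) is caught before the challenge times out. The addresses, SERVER_IPS, SAMPLE_DNS and all function names are constructed for illustration.

```python
import socket

# Constructed sample data (not real DNS answers): documentation-range addresses.
SERVER_IPS = {"192.0.2.10"}                      # assumed address of the web server
SAMPLE_DNS = {
    "emiliovanni.com": {"192.0.2.10"},
    "www.emiliovanni.com": {"192.0.2.10"},
    "private.emiliovanni.com": {"198.51.100.20"},  # stands in for the S3 endpoint
}

def sample_resolve(name):
    """Offline resolver over SAMPLE_DNS; raises like getaddrinfo on unknown names."""
    if name not in SAMPLE_DNS:
        raise socket.gaierror(socket.EAI_NONAME, "constructed: name not found")
    return set(SAMPLE_DNS[name])

def resolve_ips(name):
    """Live resolver: every address the name maps to, CNAMEs followed."""
    return {info[4][0] for info in socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)}

def preflight(names, server_ips, resolve=resolve_ips):
    """Sort certificate names by whether the CA's validation would reach this host."""
    server_ips = set(server_ips)
    report = {"ok": [], "elsewhere": {}, "unresolved": []}
    for name in names:
        try:
            ips = set(resolve(name))
        except socket.gaierror:
            report["unresolved"].append(name)
            continue
        foreign = ips - server_ips
        if not ips:
            report["unresolved"].append(name)
        elif foreign:
            # Any address that is not ours can receive the validation connection.
            report["elsewhere"][name] = sorted(foreign)
        else:
            report["ok"].append(name)
    return report

if __name__ == "__main__":
    result = preflight(SAMPLE_DNS, SERVER_IPS, resolve=sample_resolve)
    for name, ips in result["elsewhere"].items():
        print(f"{name} resolves to {ips}, not this server: drop it from the request")
    print("safe to request:", result["ok"])
```

Calling preflight without the resolve argument uses live DNS, so SERVER_IPS must then hold the instance's real public address.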
