Authentication failing even though authentication server is connecting

Hi Everyone,

I'm having a problem generating a certificate for my self-hosted server; I keep getting a "Timeout during connect".

I've done many installations and know what to check for and how to, but this one has me scratching my head.

I am trying to authenticate using HTTP. I can see the authentication server successfully pull the authentication file, but the process still fails.

Here are the details of my setup:
OS: Ubuntu 18
WS: Nginx 1.18.0
CertBot: 0.40.0

Authentication Request from Nginx Access Log

66.133.109.36 - - [31/Jan/2024:02:27:20 +0800] "GET /.well-known/acme-challenge/V-2p0nQobKbtrFTbdZ2YBVThA2_gIH0kBjrx2yYYEIA HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

I have even tried manually creating the same file with random text and manually accessing it with a web browser, and it works perfectly.

Manual Request from Nginx Log

23.233.38.12 - - [31/Jan/2024:02:41:47 +0800] "GET /.well-known/acme-challenge/V-2p0nQobKbtrFTbdZ2YBVThA2_gIH0kBjrx2yYYEIA HTTP/1.1" 200 44 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0"

Any ideas what the issue might be?

Thanks in advance!

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

3 Likes

How many requests do you see? You should be seeing at least three, from different places, because Let's Encrypt checks from multiple places to ensure that you actually own the name as seen from everywhere on the Internet. Might you have some sort of geographic blocking, or "smart" firewall, or the like, blocking some of the requests?

Also, answering that questionnaire, including particularly the domain name and exact error message you're getting, will definitely make it easier for people to help you.

4 Likes
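
The check suggested in the reply above, as an added example that is not part of the original thread: it counts the distinct source addresses from which the validation server fetched each challenge token in an Nginx combined-format access log and flags tokens seen from fewer than three. The function names, the threshold constant and the sample log lines (documentation-range IPs, made-up tokens) are constructed for illustration; the User-Agent string is the one shown in the log line quoted in the question.

```python
import re
from collections import defaultdict

# Nginx "combined" format: ip - user [time] "METHOD path PROTO" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
PREFIX = "/.well-known/acme-challenge/"
LE_UA = "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
MIN_SOURCES = 3  # "at least three", as stated in the reply above


def audit_challenges(lines, min_sources=MIN_SOURCES):
    """Map each challenge token to the validator source IPs that reached this server."""
    seen = defaultdict(lambda: {"sources": set(), "non_200": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(PREFIX):
            continue
        # The User-Agent is client-supplied: good enough for troubleshooting, not for trust.
        if "Let's Encrypt validation server" not in m["ua"]:
            continue  # a manual browser test says nothing about validator reachability
        entry = seen[m["path"][len(PREFIX):]]
        entry["sources"].add(m["ip"])
        if m["status"] != "200":
            entry["non_200"] += 1
    return {
        token: {
            "sources": sorted(e["sources"]),
            "non_200": e["non_200"],
            # Fewer sources than expected: some validators never reached the web server.
            "suspect_filtering": len(e["sources"]) < min_sources,
        }
        for token, e in seen.items()
    }


def _line(ip, token, ua=LE_UA):  # helper that builds a constructed sample log line
    return f'{ip} - - [31/Jan/2024:02:27:20 +0800] "GET {PREFIX}{token} HTTP/1.1" 200 87 "-" "{ua}"'


SAMPLE_LOG = [  # constructed: tokenA reached by one validator, tokenB by three
    _line("192.0.2.10", "tokenA"),
    _line("203.0.113.99", "tokenA", ua="Mozilla/5.0 (Windows NT 10.0) Firefox/122.0"),
    _line("192.0.2.10", "tokenB"),
    _line("198.51.100.20", "tokenB"),
    _line("203.0.113.30", "tokenB"),
]

if __name__ == "__main__":
    for token, report in audit_challenges(SAMPLE_LOG).items():
        print(token, report)
```

A token flagged with `suspect_filtering` matches the situation in this thread: the file is served correctly to the requests that arrive, so the place to look is whatever sits in front of the web server (geographic blocking, a "smart" firewall, or DNS resolving to more than one address).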

I only see one! Okay, now I know what to look for! And what is causing my issue!

Thank you!

1 Like

Try https://letsdebug.net - your domain possibly resolves to multiple IPs, we can't tell without knowing the domain.

2 Likes
