BadAuth, Timeout during connect (likely a firewall problem)

The operating system: Windows Server 2019 Standard 64-bit (10.0)

My domain is:

  • pulsit.co.za
    A record created: job.pulsit.co.za

I can login to a root shell on my machine: I don't know.

Running a program called SQLpage, SQLPage is a web server written in Rust.
This program is hosted in a internal network that has a gateway.

SQLPage has a configuration file, for HTTPS deployment the configuration file has to contain the following:
(Currently using the staging api)(Will change in the future)

{
 "https_domain": "job.pulsit.co.za",
  "https_acme_directory_url": "https://acme-staging-v02.api.letsencrypt.org/directory"
}

It produced this output:
[2023-12-05T11:56:31.046Z ERROR sqlpage::webserver::https] ACME configuration error: Order(BadAuth(Auth { status: Invalid, identifier: Dns("job.pulsit.co.za"), challenges: [Challenge { typ: IlsAlpn01, url: "https://acme-v02.api.letsencr pt.org/acme/chall-v3/290629717846/DQ-eXg", token: "kCvSdqZe9W8OxgVKICRVJXRyBO2y6oYmYSL3aAIY20o", error: Some(Problem { typ: Some("urn:ietf:params:acme:error:connection"), detail: Some("gateway_ip: Timeout during connect (likely fire all problem)") }) }] 1))

Note:
Confirmed with the network providers and the firewall providers, port 443 is open for https traffic.

I'm afraid it's not from my point of view.

Your error message shows usage of the production endpoint.

3 Likes

Thank you for the feedback.

This was ran by our network administrators and indicates port 443 is listening.

Correct, I was not aware of the staging endpoint at that time.

We tested this morning and according to our network administrators, the connection is getting closed from the API URL.

image

Ran the following CMD Commands as well.

image

From the server where the application is running.

Tracing the ACME API endpoint isn't really useful: it's not your outgoing connection to the ACME API giving you trouble, it's the incoming tls-alpn-01 challenge connection from the validation server (which is not the same host as the ACME API endpoint) to your host on port 443.

The "Timeout during connect (likely firewall problem)" error means the validation server cannot connect to your server at all.

4 Likes

Thank you for the feedback.

What would you recommend I do in this situation?

Doublecheck if the open status of port 443 also is valid for incoming connections from any IP address worldwide.

You can use numerous websites online to check if your host is up or not, e.g. Job.pulsit.co.za - Is Job Down Right Now? or any other online tool.

4 Likes

Adding: the incoming validation connections will come from multiple random ips worldwide. That is why @Osiris underscored the importance of making a connection from anywhere in the world.

Personally, I find it helpful to use shell accounts on external machines to test this connectivity. Usually I will use a home laptop and a personal server - or two - to do these checks. Office computers are terrible because someone always tosses the office ip range into an allowlist somewhere.

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.