Cerbot --nginx : Timeout during connect

My domain is: allianceeuropeavocats.fr

I ran this command: certbot --nginx --dry-run -v

It produced this output:
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.

1: allianceeuropeavocats.fr

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Simulating renewal of an existing certificate for allianceeuropeavocats.fr

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: allianceeuropeavocats.fr
Type: connection
Detail: Fetching http://allianceeuropeavocats.fr/.well-known/acme-challenge/sdcYpnbDMfBe_BJ6fzw1kR81Vg94xFoIaVVEFkih0XM: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.

My web server is (include version):

The operating system my web server runs on is (include version): alpine linux 3.18.2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

Just like it says, Let's Encrypt's servers can't connect to your site in order to validate that you own it. I can't from my system either. This is likely a firewall issue, where your firewall is preventing the outside world from connecting to your site.


First of all, thank you for replying so quickly.
Second : I'm just a lawyer managing to move the three neurons between his 2 ears.. Basic use of linux.
Third : nginx is harbouring a nextcloud server on which I depend.
The open port is 444 to access it (I have some pro apps that require 443, hence the shift).

Shouldn't I clean the whole thing and set it up anew?

What ever happened to hiring an IT person to do the IT work?


Lawyers are not afraid of steep learning curves.. And not all are pocket-full (and thus have a little time to roam in strange realms..
BTW, I found my 4th neuron : the rules I had added to the firewall where not saved..
Bad UI. Bad me.
Certificates renewed and sorry for disturbing!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.