Certbot for Nginx times out on rebuilt VPS

I recently had to rebuild my VPS after running a command that completely overwrote my software :disappointed:. I decided to switch to using NGINX for my “new” server, after having used Apache for my old one. On my old server I had set up a Let’s Encrypt certificate with Certbot and that worked fine. Though, now it times out every time I try to get a certificate for the new server.


Please fill out the fields below so we can help you better.

My domain is: ianmorrill.com

I ran this command: sudo certbot --nginx

It produced this output:

Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for ianmorrill.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ianmorrill.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: ianmorrill.com
   Type:   connection
   Detail: Timeout

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version): Nginx 1.10.3

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Name: ianmorrill.com
Addresses: 2600:3c03::f03c:91ff:fee9:57e
45.79.190.101

Make sure the IPv6 connections reach your system and are handled correctly.
Otherwise remove the AAAA records from DNS.

In this case the IPv6 to IPv4 fallback happened since it was a TLS-SNI-01 challenge.

I can confirm from the server-side logs that both the IPv6 and IPv4 address timed out. Do you have something that might be blocking network requests from external IPs on port 443?

I'm not able to curl or openssl s_client either the IPv6 or IPv4 address from a test system, though the addresses do ping successfully.
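The check described in the replies above, as an added example that is not part of the original thread: resolve every A and AAAA record for the domain, attempt a TCP connection to port 443 on each, and separate a timeout (packets dropped, usually a firewall) from a refusal (nothing listening). The function names `probe`, `resolve` and `diagnose` are hypothetical, and the script assumes it is run from a machine outside the server's own network.

```python
import errno
import socket

def probe(addr, port=443, timeout=5.0):
    """Try one TCP connect; return 'open', 'refused', 'timeout' or 'error: ...'."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((addr, port))
            return "open"
        except (socket.timeout, TimeoutError):
            return "timeout"   # SYN silently dropped: typical of a firewall DROP rule
        except ConnectionRefusedError:
            return "refused"   # host reachable, but nothing is listening on the port
        except OSError as e:   # e.g. ENETUNREACH when the client has no IPv6 route
            return "error: " + errno.errorcode.get(e.errno, str(e))

def resolve(host, port=443):
    """Return every distinct A and AAAA address published for host."""
    seen = []
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    for _family, _type, _proto, _canon, sockaddr in infos:
        if sockaddr[0] not in seen:
            seen.append(sockaddr[0])
    return seen

def diagnose(results):
    """Summarise {address: probe result} along the lines of the replies above."""
    bad = {a: r for a, r in results.items() if r != "open"}
    if not bad:
        return "all published addresses accept connections on the port"
    if all(r == "timeout" for r in results.values()):
        return "every address times out: look for a firewall dropping the port"
    v6_bad = [a for a in bad if ":" in a]
    if len(v6_bad) == len(bad):
        return "only IPv6 fails: fix IPv6 reachability or remove the AAAA record"
    return "mixed failures: " + ", ".join(f"{a}={r}" for a, r in sorted(bad.items()))

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    results = {a: probe(a) for a in resolve(host)}
    for a, r in results.items():
        print(f"{a:40} {r}")
    print(diagnose(results))
```

A successful ping alongside a timeout on 443 points at port filtering rather than routing, which is the situation reported above.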

Seems this was fixed.

Andrei

Yes, indeed it was. Thanks to everyone who replied for helping me get my server encrypted again. :slight_smile:
