Certbot issues: listening on port 80 and Timeout during connect

My domain is: ammmabotti1.omnia.fi:444

I ran this command: sudo certbot --apache

It produced this output: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

My web server is (include version): Server version: Apache/2.4.29 (Ubuntu)
Server built: 2020-08-12T21:33:25

The operating system my web server runs on is (include version): 18.04.1-Ubuntu

My hosting provider, if applicable, is: Azure

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.13.0

I also get this error when giving this command:
sudo certbot certonly -a webroot -w /var/www/html -d ammabotti1.omnia.fi --dry-run
And the error here:
Timeout during connect

Hi @fugit185

what's your question?

There

is your complete job. Do that.

What? See these

[paulii@vetbot-v4 /~ TUOTANTO]$ netstat -pant
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25225 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:25324 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5005 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5006 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5007 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5008 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5009 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5010 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5011 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5012 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 304 10.255.251.4:22 91.153.56.74:55341 ESTABLISHED -
tcp 0 0 10.255.251.4:54120 13.69.65.27:443 TIME_WAIT -
tcp 0 0 10.255.251.4:54072 13.69.65.27:443 TIME_WAIT -
tcp 0 0 10.255.251.4:54124 13.69.65.27:443 ESTABLISHED -
tcp 0 0 10.255.251.4:54114 13.69.65.27:443 TIME_WAIT -
tcp 0 0 10.255.251.4:49432 169.254.169.254:80 TIME_WAIT -
tcp 0 0 10.255.251.4:54122 13.69.65.27:443 ESTABLISHED -
tcp 0 0 10.255.251.4:54074 13.69.65.27:443 TIME_WAIT -
tcp 0 0 10.255.251.4:49418 169.254.169.254:80 TIME_WAIT -
tcp 0 0 10.255.251.4:54082 13.69.65.27:443 TIME_WAIT -
tcp 0 0 10.255.251.4:54112 13.69.65.27:443 TIME_WAIT -
tcp 0 0 10.255.251.4:54118 13.69.65.27:443 TIME_WAIT -
tcp 0 0 10.255.251.4:54116 13.69.65.27:443 TIME_WAIT -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::444 :::* LISTEN -

[paulii@vetbot-v4 /~ TUOTANTO]$ apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:444 is a NameVirtualHost
default server ammabotti1.omnia.fi (/etc/apache2/sites-enabled/amva.conf:1)
port 444 namevhost ammabotti1.omnia.fi (/etc/apache2/sites-enabled/amva.conf:1)
alias www.ammabotti1.omnia.fi
port 444 namevhost aspabotti1.omnia.fi (/etc/apache2/sites-enabled/aspa.conf:1)
alias www.aspabotti1.omnia.fi
port 444 namevhost ittukibot.omnia.fi (/etc/apache2/sites-enabled/ittuki.conf:2)
alias www.ittukibot.omnia.fi
port 444 namevhost vetbot2.omnia.fi (/etc/apache2/sites-enabled/laakebot.conf:2)
alias www.vetbot2.omnia.fi
port 444 namevhost sakkybotti1.omnia.fi (/etc/apache2/sites-enabled/sakky.conf:1)
alias www.sakkybotti1.omnia.fi
port 444 namevhost syobotti1.omnia.fi (/etc/apache2/sites-enabled/syobot.conf:1)
alias www.syobotti1.omnia.fi
port 444 namevhost talhalbotti1.omnia.fi (/etc/apache2/sites-enabled/talhal.conf:1)
alias www.talhalbotti1.omnia.fi
*:443 vetbot1.omnia.fi (/etc/apache2/sites-enabled/webot.conf:2)

[paulii@vetbot-v4 /~ TUOTANTO]$ apache2ctl -S
VirtualHost configuration:
*:444 is a NameVirtualHost
default server ammabotti1.omnia.fi (/etc/apache2/sites-enabled/amva.conf:1)
port 444 namevhost ammabotti1.omnia.fi (/etc/apache2/sites-enabled/amva.conf:1)
alias www.ammabotti1.omnia.fi
port 444 namevhost aspabotti1.omnia.fi (/etc/apache2/sites-enabled/aspa.conf:1)
alias www.aspabotti1.omnia.fi
port 444 namevhost ittukibot.omnia.fi (/etc/apache2/sites-enabled/ittuki.conf:2)
alias www.ittukibot.omnia.fi
port 444 namevhost vetbot2.omnia.fi (/etc/apache2/sites-enabled/laakebot.conf:2)
alias www.vetbot2.omnia.fi
port 444 namevhost sakkybotti1.omnia.fi (/etc/apache2/sites-enabled/sakky.conf:1)
alias www.sakkybotti1.omnia.fi
port 444 namevhost syobotti1.omnia.fi (/etc/apache2/sites-enabled/syobot.conf:1)
alias www.syobotti1.omnia.fi
port 444 namevhost talhalbotti1.omnia.fi (/etc/apache2/sites-enabled/talhal.conf:1)
alias www.talhalbotti1.omnia.fi
*:443 vetbot1.omnia.fi (/etc/apache2/sites-enabled/webot.conf:2)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used

[paulii@vetbot-v4 /apache2 TUOTANTO]$ pwd
/etc/apache2
[paulii@vetbot-v4 /apache2 TUOTANTO]$ cat ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80
#Listen *:80 *::80
#<VirtualHost *:80 *::80> # if you want IPv4 and IPv6
#<VirtualHost *::80> # just IPv6

Listen 444

<IfModule ssl_module>
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>

Only ports 443 and 444 (why 444?!?). Let's Encrypt starts its http-01 validation on port 80, one of the mandatory port numbers. You don't have an HTTP virtual host on port 80, so Certbot's apache plugin doesn't function. Also, the webroot plugin doesn't work either, as there is nothing listening on port 80.

Ok, I made this change

[paulii@vetbot-v4 /sites-available TUOTANTO]$ cat webot.conf

<VirtualHost *:80>
ServerAdmin webmaster@localhost
#ServerName vetbot1.omnia.fi
ServerName vetbot4.westeurope.cloudapp.azure.com
ServerAlias www.vetbot1.omnia.fi
DocumentRoot /var/www/html/vetbot
etc...

and after that we check

sudo apache2ctl -t
Syntax OK

and then load the new config

sudo apache2ctl -k restart

and now we can see

apache2ctl -S

*:80 vetbot4.westeurope.cloudapp.azure.com (/etc/apache2/sites-enabled/webot.conf:2)

then I try again

sudo certbot --apache

Choose the right vhost

Which names would you like to activate HTTPS for?


1: vetbot4.westeurope.cloudapp.azure.com
2: ammabotti1.omnia.fi
3: www.ammabotti1.omnia.fi
4: aspabotti1.omnia.fi
5: www.aspabotti1.omnia.fi
6: ittukibot.omnia.fi
7: www.ittukibot.omnia.fi
8: sakkybotti1.omnia.fi
9: www.sakkybotti1.omnia.fi
10: syobotti1.omnia.fi
11: www.syobotti1.omnia.fi
12: talhalbotti1.omnia.fi
13: www.talhalbotti1.omnia.fi
14: www.vetbot1.omnia.fi
15: vetbot2.omnia.fi
16: www.vetbot2.omnia.fi


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for vetbot4.westeurope.cloudapp.azure.com

But still it fails

Domain: vetbot4.westeurope.cloudapp.azure.com
Type: connection
Detail: Fetching
http://vetbot4.westeurope.cloudapp.azure.com/.well-known/acme-challenge/x_v6zBgt0mTc6BuN03m2cyW5unQXnsu2GKjEqKMrt5w:
Timeout during connect (likely firewall problem)

What should I try next?

You have to read your error message.

Open your firewall - Amazon has Security Groups, you have to allow port 80.

Port 80 is open at the firewall

Found the reason: port 80 was not opened correctly. Created it again, and now SSL works!
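The thread hits two different port-80 failures in a row: first no VirtualHost on port 80, then a connect timeout with the vhost in place. The script below is an added example, not code from any poster or from Certbot; it reads `apache2ctl -S` and `netstat -pant` text and reports which layer is at fault. The function names are hypothetical and the sample text is constructed from the outputs posted above.

```shell
#!/usr/bin/env bash
# Added example: decide which layer blocks Let's Encrypt http-01 on port 80.

# Names served on port $1, read from `apache2ctl -S` output on stdin.
vhosts_on_port() {
  awk -v p="$1" '
    $1 ~ /^[^ ]*:[0-9]+$/ {   # "*:80 name (file:line)" or "*:444 is a NameVirtualHost"
      cur = $1; sub(/.*:/, "", cur)
      if ($2 != "is" && cur == p) print $2
      next
    }
    $1 == "port" && $3 == "namevhost" { cur = $2; if (cur == p) print $4; next }
    $1 == "alias" && cur == p { print $2 }
  '
}

# Succeeds if `netstat -pant` output on stdin shows a LISTEN socket on port $1.
listening_on_port() {
  awk -v p="$1" '/LISTEN/ && $4 ~ (":" p "$") { found = 1 } END { exit !found }'
}

# $1 = domain, $2 = `apache2ctl -S` text, $3 = `netstat -pant` text.
diagnose() {
  if ! printf '%s\n' "$3" | listening_on_port 80; then
    echo "no-listener: nothing on this host accepts connections on port 80"
  elif ! printf '%s\n' "$2" | vhosts_on_port 80 | grep -qxF "$1"; then
    echo "no-vhost: port 80 is open locally but no VirtualHost serves $1"
  else
    echo "host-ok: if validation still times out, check the firewall in front of the host"
  fi
}

# Constructed samples, trimmed from the outputs posted in this thread.
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::444 :::* LISTEN -'
VHOSTS_BEFORE='*:444 is a NameVirtualHost
default server ammabotti1.omnia.fi (/etc/apache2/sites-enabled/amva.conf:1)
port 444 namevhost ammabotti1.omnia.fi (/etc/apache2/sites-enabled/amva.conf:1)
alias www.ammabotti1.omnia.fi
*:443 vetbot1.omnia.fi (/etc/apache2/sites-enabled/webot.conf:2)'
VHOSTS_AFTER="$VHOSTS_BEFORE
*:80 vetbot4.westeurope.cloudapp.azure.com (/etc/apache2/sites-enabled/webot.conf:2)"

diagnose ammabotti1.omnia.fi "$VHOSTS_BEFORE" "$NETSTAT_SAMPLE"
diagnose vetbot4.westeurope.cloudapp.azure.com "$VHOSTS_AFTER" "$NETSTAT_SAMPLE"
```

On a live host, pass `"$(sudo apache2ctl -S 2>&1)"` and `"$(sudo netstat -pant)"` as the second and third arguments. A `host-ok` result only clears the machine itself; reachability from the internet still has to be checked from outside.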
