Certbot standalone timeout on Windows and nginx

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: test-uxui.prismaphotonics.net

I ran this command: certbot certonly --standalone (before I ran this command I stopped the nginx server)

It produced this output:
"Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: test-uxui.prismaphotonics.net
Type: connection
Detail: 3.64.68.86: Fetching http://test-uxui.prismaphotonics.net/.well-known/acme-challenge/kFIF5Tg5IxJSJbigVOe0e05NH2O1bF-Lc2-IDPZ9oII: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet."

My web server is (include version): nginx

The operating system my web server runs on is (include version): windows

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes. I run this from an admin command prompt.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.0.0

Adding the log file:

2022-12-05 11:04:47,040:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-12-05 11:04:47,041:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-12-05 11:04:47,041:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-12-05 11:04:47,041:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80...
2022-12-05 11:04:47,042:DEBUG:certbot._internal.plugins.standalone:Stopping server at 0.0.0.0:80...
2022-12-05 11:04:47,256:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "runpy.py", line 197, in _run_module_as_main
  File "runpy.py", line 87, in _run_code
  File "C:\Program Files\Certbot\bin\certbot.exe\__main__.py", line 29, in <module>
    sys.exit(main())
  File "C:\Program Files\Certbot\pkgs\certbot\main.py", line 19, in main
    return internal_main.main(cli_args)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\main.py", line 1736, in main
    return config.func(config, plugins)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\main.py", line 1590, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\main.py", line 138, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\client.py", line 516, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "C:\Program Files\Certbot\pkgs\certbot\_internal\auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-12-05 11:04:47,258:ERROR:certbot._internal.log:Some challenges have failed.

Things I already checked: I disabled all inbound firewall rules, including port 80.
I checked that the DNS A record points to my public IP address.

Best Practice - Keep Port 80 Open

$ nmap test-uxui.prismaphotonics.net
Starting Nmap 7.91 ( https://nmap.org ) at 2022-12-05 07:32 PST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.41 seconds
e6430-i5$ nmap -Pn test-uxui.prismaphotonics.net
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2022-12-05 07:32 PST
Nmap scan report for test-uxui.prismaphotonics.net (3.64.68.86)
Host is up.
rDNS record for 3.64.68.86: ec2-3-64-68-86.eu-central-1.compute.amazonaws.com
All 1000 scanned ports on test-uxui.prismaphotonics.net (3.64.68.86) are filtered

Nmap done: 1 IP address (1 host up) scanned in 203.26 seconds
2 Likes

Your public IP is in AWS EC2. As Bruce noted, ports 80 and 443 are not open.

Have you checked your EC2 Security Groups to ensure inbound traffic is allowed?

The Let's Debug site (here) is a good way to test basic connectivity

Also, why are you using the standalone method rather than keeping nginx running and using webroot authentication? webroot should be much easier and won't require nginx to be stopped

5 Likes

Hey guys.
I opened the security group for ports 80 and 443 from 0.0.0.0 at AWS, and also disabled all firewall rules on the machine.
I don't understand why it still shows me "connection refused".

$ nmap -Pn test-uxui.prismaphotonics.net
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2022-12-05 09:16 PST
Nmap scan report for test-uxui.prismaphotonics.net (3.64.68.86)
Host is up (0.17s latency).
rDNS record for 3.64.68.86: ec2-3-64-68-86.eu-central-1.compute.amazonaws.com
Not shown: 998 filtered ports
PORT    STATE  SERVICE
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 12.88 seconds

Usually using --webroot or the --nginx plug-in is easier than --standalone. Especially to debug comms problems.

But, to debug --standalone try:

sudo certbot certonly --standalone -d test-uxui.prismaphotonics.net --debug-challenges -v

Certbot will pause and show you a URL. Leave that certbot running and try accessing that URL from a different machine. You can show us that URL if you need more help.

3 Likes

I'm not sure the word "still" is valid here. Previously, you got a timeout. That's fundamentally different from a "connection refused" error. The former can be anything, mostly firewall or NAT port-mapping issues; the latter is due to the appropriate service not running.

4 Likes
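The two replies above make the same point from different angles: test the challenge URL from another machine while certbot is paused with --debug-challenges, and read the failure mode, because a timeout (nmap "filtered": security group, host firewall or NAT dropping packets) means something different from "connection refused" (nmap "closed": host reachable, nothing listening on the port). The script below is an added example, not code from the thread or from Certbot; it fetches http://HOST/.well-known/acme-challenge/TOKEN and classifies the outcome the way a reader of this thread would want, and it includes a tiny loopback stand-in for the standalone responder so the "ok", "404" and "refused" cases can be reproduced offline. The host names, tokens and thumbprints in it are constructed sample values.

```python
"""Probe an http-01 challenge URL and classify the failure mode (added example)."""
import errno
import http.server
import socket
import sys
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def classify_challenge_fetch(host, token, port=80, timeout=5.0):
    """Fetch the challenge URL and return a short verdict string.

    'ok'            -> 200 and body starts with the token (a key authorization)
    'wrong-content' -> 200 but a different body (some other server answered)
    'http-<code>'   -> server answered with an HTTP error (e.g. 404: wrong webroot)
    'refused'       -> TCP reset: host up, nothing listening on the port (nmap 'closed')
    'timeout'       -> no answer at all: dropped by a firewall or security group (nmap 'filtered')
    'error:<msg>'   -> anything else (DNS failure, network unreachable, ...)
    """
    url = f"http://{host}:{port}{CHALLENGE_PREFIX}{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("ascii", "replace")
    except urllib.error.HTTPError as exc:
        return f"http-{exc.code}"
    except urllib.error.URLError as exc:
        reason = exc.reason  # urllib wraps the socket-level OSError here
        if isinstance(reason, socket.timeout):
            return "timeout"
        if isinstance(reason, ConnectionRefusedError) or getattr(reason, "errno", None) == errno.ECONNREFUSED:
            return "refused"
        return f"error:{reason}"
    except socket.timeout:  # read timeout after the connection was accepted
        return "timeout"
    return "ok" if body.startswith(token) else "wrong-content"


class _ChallengeHandler(http.server.BaseHTTPRequestHandler):
    """Minimal stand-in for Certbot's standalone responder (test fixture only)."""
    tokens = {}  # token -> key authorization; set per server by start_challenge_server

    def do_GET(self):
        token = self.path[len(CHALLENGE_PREFIX):] if self.path.startswith(CHALLENGE_PREFIX) else None
        if token not in self.tokens:
            self.send_error(404)
            return
        body = self.tokens[token].encode("ascii")
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_challenge_server(tokens, host="127.0.0.1", port=0):
    """Serve the given token -> key-authorization map on a background thread."""
    handler = type("Handler", (_ChallengeHandler,), {"tokens": dict(tokens)})
    srv = http.server.ThreadingHTTPServer((host, port), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def unused_port():
    """Return a loopback port nothing listens on, to reproduce 'connection refused'."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def local_demo():
    """Run the three reproducible cases against loopback and return their verdicts."""
    token = "sample-token"  # constructed value, not a real ACME token
    srv = start_challenge_server({token: token + ".sample-thumbprint"})
    port = srv.server_address[1]
    try:
        results = {
            "served": classify_challenge_fetch("127.0.0.1", token, port=port),
            "unknown-token": classify_challenge_fetch("127.0.0.1", "other-token", port=port),
        }
    finally:
        srv.shutdown()
        srv.server_close()
    results["nothing-listening"] = classify_challenge_fetch("127.0.0.1", token, port=unused_port())
    return results


if __name__ == "__main__":
    # python probe.py              -> loopback demo of the reproducible cases
    # python probe.py HOST TOKEN   -> probe a real host on port 80 from another machine
    if len(sys.argv) == 3:
        print(classify_challenge_fetch(sys.argv[1], sys.argv[2]))
    else:
        for case, verdict in local_demo().items():
            print(f"{case}: {verdict}")
```

Run it with the host and the token from the URL certbot prints under --debug-challenges, from a machine outside the VPC. A "timeout" verdict points at the EC2 security group, the Windows firewall or a NAT in front of the instance; "refused" means the packets arrive but certbot's standalone listener (or nginx, for webroot) is not bound on that port at that moment; "http-404" with webroot means the file is not under the directory nginx serves for that path.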
