I am getting a connection timed out message and a connection refused message when using letsencrypt to check port 80 and 443. I first discovered this when I was running a certbot to confirm I'm the owner of a domain. I've checked to see that nginx is running and it is. I've checked to see if any internal firewalls might be blocking outside attempts at checking the two ports and I don't see there being an issue. The custom nameservers are pointing where they should. The thing all of this is leading me to appears to be an external block. However, I changed from the home WiFi network to a cell hotspot to see if it had an effect and nothing. Could this be a software (code) or configuration issue? Any suggestions or help?
@TonyStark I moved your post into its own thread. We prefer each problem to have its own. The same symptom is often caused by different issues.
Had you posted here first you would have been shown the form below. Please answer as much as you can. Thanks
==============================
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
My domain is:
carbon12ai.com
I ran this command:
sudo certbot --nginx -d carbon12ai.com -d www.carbon12ai.com
It produced this output:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: carbon12ai.com
Type: connection
Detail: 66.81.203.198: Fetching http://carbon12ai.com/.well-known/acme-challenge/1RHdVuw9uqvAv9AY1IgRVceLiugyu7gH9U4iBeJr_Eg: Timeout during connect (likely firewall problem)
Domain: www.carbon12ai.com
Type: connection
Detail: 66.81.203.198: Fetching http://www.carbon12ai.com/.well-known/acme-challenge/XKteqIydiqGYLeyWmKKIVtkgPIMVvf4HweEpjADguVA: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu 24.04.1 LTS
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don't know):
I don't know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
N/A
Your site needs to be publicly accessible from the internet in order to obtain a certificate using certbot. The following test indicates that it is not.
Have you verified port forwarding, firewall settings on all involved devices, and the IPs in your DNS records?
Hi,
Thank you for your reply. My answers are as follows:
Your site needs to be publicly accessible from the internet:
I updated the "A" record and "www" record in my domain registrar dashboard.
port forwarding:
Connection time out (canyouseeme.org)
firewall settings on all involved devices:
I checked and these are not the problem
IPs in your DNS records:
Is the IP address I updated the A and WWW records with what I need to update? If so, it's done.
Also, I'm using a residential ISP and the IP assigned is not static. How can I make them fixed?
I don't believe this is interfering with the certbot but it could be a problem later.
Best,
David
TonyStark
Well, if the domain name always points to your current IP, then that should be enough. For a static IP, you may need to contact your ISP and they may want to upgrade you to a "business" type of plan. Many ISPs block incoming web connections for residential plans, which may be part of your problem as well.
I don't know if we can give you much more specific advice: First you need to get your site working, and only then start work on getting a certificate. (Unless you're intending to only have your site accessible internally, in which case you might be able to use the DNS challenge instead, but it sounds like you're trying to make a publicly visible site.)
Ok. Thank you
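An added example, not part of any post in this thread: a small triage helper that reads a Certbot failure report of the shape quoted above and says which layer to check for each domain. The sample report, `example.com`, the `203.0.113.x` addresses and the function names are constructed for illustration; the meaning given to each failure is the general TCP one (timeout means no reply at all, refused means a reset came back).

```python
import re

# Constructed sample in the shape of the report quoted in the thread.
SAMPLE_REPORT = """\
  Domain: example.com
  Type:   connection
  Detail: 203.0.113.10: Fetching http://example.com/.well-known/acme-challenge/TOKEN1: Timeout during connect (likely firewall problem)

  Domain: www.example.com
  Type:   connection
  Detail: 203.0.113.10: Fetching http://www.example.com/.well-known/acme-challenge/TOKEN2: Connection refused
"""

# One "Domain / Type / Detail" block per failed name.
BLOCK = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+"
    r"Detail:\s*(?P<ip>[0-9a-fA-F.:]+?):\s+Fetching\s+(?P<url>\S+?):\s+(?P<reason>.+)"
)

NEXT_CHECK = {
    "filtered": "No reply to the connection attempt: check router port forwarding, "
                "host and edge firewalls, and whether the ISP blocks inbound port 80.",
    "closed": "The address answered but nothing accepted the connection: check that "
              "the web server listens on port 80 on the forwarded interface.",
    "other": "Not a connect-level failure: read the full Detail line.",
}

def classify(reason):
    """Map the CA's failure text to a port state."""
    text = reason.lower()
    if "timeout" in text:
        return "filtered"
    if "refused" in text:
        return "closed"
    return "other"

def triage(report, public_ip):
    """public_ip is the address the server really has right now, found separately."""
    findings = []
    for m in BLOCK.finditer(report):
        state = classify(m["reason"])
        findings.append({
            "domain": m["domain"],
            "ca_connected_to": m["ip"],
            # False means DNS sent the CA to another address (stale dynamic IP).
            "dns_matches_host": m["ip"] == public_ip,
            "state": state,
            "next_check": NEXT_CHECK[state],
        })
    return findings
```

If `dns_matches_host` is false, fix the DNS record first; the port checks only mean something once the CA is connecting to the right address.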