Certbot Timeout

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jcasvcs.com and subdomain odoo.jcasvcs.com

I ran this command: certonly --standalone --register-unsafely-without-email -d jcasvcs.com -d odoo.jcasvcs.com

It produced this output: Detail: 162.211.27.195: Fetching http://jcasvcs.com/.well-known/acme-challenge/PwIx4G-80TMzwC_bwZtAe1IrDF-2qs00xHAEeikVoRs: Timeout during connect (likely firewall problem)

My web server is (include version): IIS v10

The operating system my web server runs on is (include version): Windows Server 2019 v1809 Build 17763.4010

My hosting provider, if applicable, is: Ionos

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): IIS

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.24.0

Hi @Jon_AK, and welcome to the LE community forum :slight_smile:

I see:

and

Is your HTTP site available from the Internet?

Also:

Is there a firewall blocking OR not forwarding correctly?

2 Likes

Is that the current IP?

2 Likes

That is the current IP. I also made sure that both inbound & outbound port 80 are open on the server. Port 80 is forwarded in the router to the IP address of the server. I followed the instructions to make sure that IIS was shut down prior to running certbot so not sure exactly what may be in the way yet. I was also unaware of the limitation imposed upon cert registration failures & as a result of verifying my settings after each failure, my last attempt let me know that I had exceeded this limit. Not sure if I can even continue now???

Jon Albright
JCA Services LLC
Soldotna, Alaska

I see no ports accessible

$ nmap -Pn jcasvcs.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-23 12:13 PST
Nmap scan report for jcasvcs.com (162.211.27.195)
Host is up.
rDNS record for 162.211.27.195: 162-211-27-195.sol.spitwspots.net
All 1000 scanned ports on jcasvcs.com (162.211.27.195) are filtered

Nmap done: 1 IP address (1 host up) scanned in 201.38 seconds
$ nmap -Pn odoo.jcasvcs.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-23 20:13 UTC
Nmap scan report for odoo.jcasvcs.com (162.211.27.195)
Host is up.
rDNS record for 162.211.27.195: 162-211-27-195.sol.spitwspots.net
All 1000 scanned ports on odoo.jcasvcs.com (162.211.27.195) are filtered

Nmap done: 1 IP address (1 host up) scanned in 201.83 seconds
1 Like
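The nmap "filtered" result and the "Timeout during connect" error above both mean that no reply came back at all, which is different from a refused connection. As an added example that is not part of the original thread, this Python check is meant to be run from a machine outside the server's network. It assumes a test file with known content was placed under the challenge path by hand; the function names, token and expected content are hypothetical.

```python
import http.client
import socket

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def probe_tcp(host, port=80, timeout=5.0):
    """Classify one TCP connect attempt using nmap's vocabulary.

    open     - handshake completed, something is listening and reachable
    closed   - connection refused, packets arrive but nothing listens
    filtered - no reply before the timeout, packets are dropped on the way
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"


def fetch_challenge(host, token, port=80, timeout=5.0):
    """GET the challenge URL over plain HTTP and return (status, body)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token)
        resp = conn.getresponse()
        return resp.status, resp.read(512).decode("ascii", "replace").strip()
    finally:
        conn.close()


def preflight(host, token, expected, port=80, timeout=5.0):
    """Return 'ok', a TCP state other than open, or an HTTP mismatch."""
    state = probe_tcp(host, port, timeout)
    if state != "open":
        return state  # no point fetching a file if the port is not open
    status, body = fetch_challenge(host, token, port, timeout)
    if status == 200 and body == expected:
        return "ok"
    return f"http-mismatch ({status})"


if __name__ == "__main__":
    import sys
    # Usage (hypothetical names): preflight.py <domain> <token> <content>
    print(preflight(sys.argv[1], sys.argv[2], sys.argv[3]))
```

A result of `filtered` points at a firewall, router or port forward dropping traffic before it reaches a listener, while `closed` means packets arrive but nothing is bound to port 80.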

Hmmm, I don't understand that. Before I began anything today, I logged onto the website that is attached to this server, but I just checked it and you're correct, it shows closed.

1 Like

Sorry about that, the website is not ready to open until I get the SSL cert, so I closed it after trying to get the cert via certbot. It shows as open now.

1 Like

Once you sort that out, you might want to consider a different ACME client. Certbot does not easily integrate with IIS. You wouldn't use certbot standalone with a running server of any kind. And certbot does not create certs in the form Windows/IIS likes, so you need to convert and do stuff manually.

Consider using Certify the Web (a GUI) or another Windows-focused ACME client.

5 Likes

Certify the Web is your best option. The author is a frequent contributor here, so you are more likely to get expert support if you run into issues. WinAcme, PoshAcme and Certes tend to be popular here and have some amount of support as well - but Certify is the best option in terms of robustness, ease of use and support.

5 Likes
