Connection timed out

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ffcvapi.cruxvoice.in

I ran this command: certbot renew

It produced this output:
requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host=‘acme-v02.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by ConnectTimeoutError(<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f3949f99390>, ‘Connection to acme-v02.api.letsencrypt.org timed out. (connect timeout=45)’))

My web server is (include version):
Apache 2.4

The operating system my web server runs on is (include version): debian 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Things which i have tried yet…

1. ran dig command and added /etc/hosts entry: 172.65.32.248 acme-v02.api.letsencrypt.org

2. tried few command suggested in other thread to check connectivity issues…
   jayesh@web:~ curl -4 -X GET -I -m 10 https://acme-v02.api.letsencrypt.org/directory curl: (28) Connection timed out after 10001 milliseconds jayesh@web:~ curl -6 -X GET -I -m 10 https://acme-v02.api.letsencrypt.org/directory
   curl: (7) Couldn’t connect to server
   jayesh@web:~ head -c 35000 /dev/urandom | base64 | curl -d @- -i -X POST -m 10 -H 'Expect:' https://acme-v02.api.letsencrypt.org/acme/new-order curl: (28) Connection timed out after 10000 milliseconds jayesh@web:~ head -c 350 /dev/urandom | base64 | curl -d @- -i -X POST -m 10 -H ‘Expect:’ https://acme-v02.api.letsencrypt.org/acme/new-order
   curl: (28) Connection timed out after 10001 milliseconds

3. tried to change mtu setting with values 1300 and 1400. didn’t help.

Please help me to diagnose this issue.

Hi @jayesh

are you able to connect other domains?

curl https://www.google.com/
ping letsencrypt.org
traceroute letsencrypt.org

If your network is broken: Where is that server? Self hostet? Data center? If it’s a data center, ask your provider.

Remember to put things back.
Undo:

Thanks for your reply and yes - I am able to connect other domains.

sharing outputs…

curl https://www.google.com/ => Recieved output, connected succesfully. Not posting output here because its too long.

ping letsencrypt.org =>
PING letsencrypt.org (134.209.106.40) 56(84) bytes of data.
64 bytes from 134.209.106.40 (134.209.106.40): icmp_seq=1 ttl=52 time=65.3 ms
64 bytes from 134.209.106.40 (134.209.106.40): icmp_seq=2 ttl=52 time=65.0 ms
64 bytes from 134.209.106.40 (134.209.106.40): icmp_seq=3 ttl=52 time=64.9 ms
64 bytes from 134.209.106.40 (134.209.106.40): icmp_seq=4 ttl=52 time=65.5 ms
^C
— letsencrypt.org ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 64.944/65.237/65.583/0.357 ms

traceroute letsencrypt.org
traceroute to letsencrypt.org (206.189.89.118), 30 hops max, 60 byte packets
1 182.173.67.241 (182.173.67.241) 1.894 ms 1.317 ms 2.310 ms
2 192.168.0.166 (192.168.0.166) 0.983 ms 0.795 ms 0.969 ms
3 182.173.64.227 (182.173.64.227) 1.339 ms 1.037 ms 1.222 ms
4 115.113.163.25.static-pune.vsnl.net.in (115.113.163.25) 2.054 ms 3.048 ms 2.309 ms
5 172.31.155.174 (172.31.155.174) 2.161 ms 2.103 ms 2.315 ms
6 172.23.78.229 (172.23.78.229) 2.258 ms 1.946 ms 1.815 ms
7 172.17.169.202 (172.17.169.202) 29.072 ms 28.966 ms 29.007 ms
8 ix-ae-4-2.tcore1.cxr-chennai.as6453.net (180.87.36.9) 28.329 ms 27.301 ms 26.522 ms
9 if-ae-34-2.tcore1.svq-singapore.as6453.net (180.87.36.41) 66.767 ms 65.413 ms 65.493 ms
10 if-ae-7-2.thar1.svq-singapore.as6453.net (180.87.98.9) 65.095 ms 64.860 ms 65.002 ms
11 120.29.214.142 (120.29.214.142) 65.056 ms 65.052 ms 120.29.214.50 (120.29.214.50) 63.637 ms
12 * 138.197.245.9 (138.197.245.9) 65.671 ms 138.197.245.3 (138.197.245.3) 64.683 ms
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

Server is hosted in Data Center.

You need a traceroute specifically to acme-v02.api.letsencrypt.org.

letsencrypt.org is entirely separate and not relevant to your original issue.

Please find output..

traceroute acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 182.173.67.241 (182.173.67.241) 1.328 ms 1.745 ms 2.247 ms
2 192.168.0.166 (192.168.0.166) 1.186 ms 1.017 ms 1.026 ms
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

You need to talk to your host/NOC. Send them that last traceroute, it clearly conveys the problem.

ok checking with them, Thanks a ton !!
will get back with results.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.