Connection timed out

My domain is: bx.btasia.ru

I ran this command: check cite availability on https://check-host.net/check-http?host=https%3A%2F%2Fbx.btasia.ru

It produced this output: Connection timed out

My web server is (include version): node js express + apache2

The operating system my web server runs on is (include version): ubuntu 20.04

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0

Hi, i have a server on which I deployed node js express server a month ago, configured redirection in apache2 from localhost:3000 to my rented domain bx.btasia.ru . Configured ssl certificate, double-checked that it has not expired. Checked whether ports tcp 80, 443 are open. But it still does not work, can you please tell me what else could be the problem.

Not from my point of view. Is the IP address 82.146.46.191 correct? How did you check? Your check with the check-host.net check seems to also say your website is completely down.

2 Likes

yes, you can check 82.146.46.191:3000

Timeout on port 3000 too.

Also, if you're already running an Apache webserver, isn't it a better idea to utilise Apache as a reverse proxy for Express? See Reverse Proxy Guide - Apache HTTP Server Version 2.4 for more info.

But needless to say, for that Apache reverse proxy to work, you would still need to have port 80 and 443 open.

Are you checking from your internal LAN by any chance, the same LAN as where the server is hosted? You didn't answer the "hosting provider" so I'm ASSUMING you're self-hosting? Please answer the questions properly in the future so that we don't need to assume anything.

3 Likes

this is a rented vps server, reverse proxy on apache is configured send screenshot

ports are open also

That only shows that some applications are listening on those ports.

There still can be a firewall or NAT portmap preventing access to ports 80 and 443.

Weird thing is: port 22 seems to be open in your firewall, but closed on the OS level. The latter makes sense, because nothing is listening on port 22 (your SSH is probably the 22222 port, which is not accessible from the world wide web). But the former makes me think that at least some firewall plays a roll here. As everything seems to be blocked, except port 22. So something is coming through. Just not port 80 and 443.

2 Likes

I just had ufw turned off, I apologize.

Great, I indeed see HTTP on port 80 accessible as wel as HTTPS on port 443. Which indeed seems to be your reverse proxy to Express.

However, I don't see a HTTP to HTTPS redirect. What's the port 80 Apache configuration?

2 Likes

here it is
photo_2024-10-02_22-56-50

Well, there's no need for that reverse proxy bit in the HTTP (port 80) part..

How did you request the certificate? Because Certbot can also add the HTTP to HTTPS redirect, but it isn't there.

4 Likes

But it's already working as it should, this site is used as a webhook receiver, only https protocol is needed there

OK, in that case I understand.

Please note that for most situations port 80 is still required for renewal of the certificate. You can test renewal using sudo certbot renew --dry-run where --dry-run is for the testing purposes.

2 Likes

The HTTP-01 challenge states "The HTTP-01 challenge can only be done on port 80." and 'Our implementation of the HTTP-01 challenge follows redirects, up to 10 redirects deep. It only accepts redirects to “http:” or “https:”, and only to ports 80 or 443. It does not accept redirects to IP addresses. When redirected to an HTTPS URL, it does not validate certificates (since this challenge is intended to bootstrap valid certificates, it may encounter self-signed or expired certificates along the way).'

Best Practice - Keep Port 80 Open

2 Likes

I mean, if I understand correctly, in those cases when I work with a normal site, I should make redirection from http to https of the same site?

For getting a certificate issued from Let’s Encrypt you can, it is not required.

2 Likes

You've resolved the "connection timed out" issue...
If you have not yet been able to obtain a cert:

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.