ConnectTimeout when registering certificate

So, you can't get a cert now...
Are there any firewall logs that can be checked?
Can you try the traceroute again?

3 Likes

Yes, I still can't get a cert until now.

[admskl@sites ~]$ sudo traceroute -T -p 443 acme-v02.api.letsencrypt.org
traceroute to acme-v02.api.letsencrypt.org (172.65.32.248), 30 hops max, 60 byte packets
1 10.92.224.62 (10.92.224.62) 0.700 ms 0.723 ms 10.92.227.62 (10.92.227.62) 0.652 ms
2 11.73.1.193 (11.73.1.193) 0.449 ms * 11.73.1.169 (11.73.1.169) 0.471 ms
3 11.58.184.105 (11.58.184.105) 0.873 ms 11.58.185.185 (11.58.185.185) 0.831 ms 11.58.185.177 (11.58.185.177) 0.458 ms
4 10.54.148.74 (10.54.148.74) 0.895 ms 10.54.148.82 (10.54.148.82) 1.376 ms 10.54.148.70 (10.54.148.70) 1.435 ms
5 * * cloudflare-as13335.iix.net.id (103.28.75.135) 3.380 ms
6 172.65.32.248 (172.65.32.248) 1.918 ms 1.923 ms *

1 Like

We are not blocking this IP address.

4 Likes

Checks using https://check-host.net/ from around the world are getting Server Error 404 (Not Found)

1 Like

?? the problem is the outbound connection from their server to the LE acme endpoint.

So far we've not seen any problems with inbound connections to their server.

3 Likes

I am a bit confused, from SSL Server Test (Powered by Qualys SSL Labs) it looks like a Certificate was issued Fri, 21 Oct 2022 17:14:00 UTC and is in use by the server for wpd.dev.skolla.online

https://www.ssllabs.com/ssltest/analyze.html?d=wpd.dev.skolla.online

Certificate #1: RSA 2048 bits (SHA256withRSA)
Server Key and Certificate #1
Subject wpd.dev.skolla.online
Fingerprint SHA256: 0b74da3d4e059c8191e8209f1cff4023e3f530767602e131c4b10db048d524a8
Pin SHA256: 6gzWzWaSLZCyGbiZMjBoUu82sEtUQYzEO/bcq9euHHY=
Common names wpd.dev.skolla.online
Alternative names wpd.dev.skolla.online
Serial Number 032aff86bfc345874e14a7d585c282a1a5a8
Valid from Fri, 21 Oct 2022 17:14:00 UTC
Valid until Thu, 19 Jan 2023 17:13:59 UTC (expires in 2 months and 28 days)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer R3
AIA: http://r3.i.lencr.org/
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency **Yes (certificate)**
OCSP Must Staple No
Revocation information OCSP
OCSP: http://r3.o.lencr.org
Revocation status Good (not revoked)
DNS CAA No ([more info](https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum))
Trusted **Yes**
Mozilla Apple Android Java Windows

3 Likes

Apologies, guys.
I didn't realize just before posting Post#22, I executed
"sudo certbot --nginx --domain wpd.dev.skolla.online"
and it successfully deployed the certificate.

It's solved.
Thank you, everyone.

So, what is the root cause of my problem?

2 Likes

Unreliable comms outbound from your server to the Let's Encrypt ACME server.

Perhaps all outbound connects are affected. Your earlier tests to google and ifconfig.co worked but maybe they would not if tried repeatedly. There was no IP block as confirmed by James.

It is possible this was a temporary problem. You could check by running the command below from time to time to see if it repeats.

curl -4v https://acme-v02.api.letsencrypt.org/directory

Hard to say more exactly. Maybe another volunteer has better info.

4 Likes
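
The "run it from time to time" check suggested above, as an added example (not code from the thread or from Let's Encrypt): it repeats the same IPv4 curl request to the ACME directory, records which stage failed, and summarises how often. The log path, timeouts and interval are assumptions.

```bash
#!/usr/bin/env bash
# Added example: periodic outbound probe of the ACME directory endpoint.
ACME_URL="https://acme-v02.api.letsencrypt.org/directory"
LOG="${ACME_PROBE_LOG:-./acme-probe.log}"   # assumed log location

# Map a curl exit code to the stage of the connection that failed.
classify_exit() {
  case "$1" in
    0)     echo ok ;;
    6)     echo dns ;;       # could not resolve host
    7)     echo connect ;;   # TCP connect failed (refused/unreachable)
    28)    echo timeout ;;   # connect or transfer timed out
    35|60) echo tls ;;       # handshake or certificate verification failed
    *)     echo other ;;
  esac
}

# One probe: IPv4 only, as in the thread's curl command, with hard time limits
# (10 s connect, 30 s total: assumed values).
# Appends "epoch result exit_code connect_seconds total_seconds" to $LOG.
probe() {
  local timing rc=0
  timing=$(curl -4 -sS -o /dev/null --connect-timeout 10 --max-time 30 \
             -w '%{time_connect} %{time_total}' "$ACME_URL" 2>/dev/null) || rc=$?
  [ -n "$timing" ] || timing="- -"
  echo "$(date +%s) $(classify_exit "$rc") $rc $timing" >> "$LOG"
}

# Summarise a probe log: total probes, failures, and a count per failure type.
summarize() {
  awk '{ n++; c[$2]++; if ($2 != "ok") f++ }
       END { printf "total=%d failed=%d", n, f+0
             for (k in c) if (k != "ok") printf " %s=%d", k, c[k]
             printf "\n" }' "$1"
}

# Run as: ./acme-probe.sh run [interval_seconds]   (default interval: 300 s)
if [ "${1:-}" = "run" ]; then
  while true; do probe; summarize "$LOG"; sleep "${2:-300}"; done
fi
```

A steady share of `timeout` results with a near-zero connect time points at the outbound path rather than at DNS or TLS, which is the distinction the traceroute and curl tests in this thread were trying to make.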
