Failed authorization procedure - Timeout during connect (likely firewall problem)

Hi,

I'm pretty sure this topic has been discussed before but I really need help to solve this problem.
For your concerns, ports 80, 8080, 443, 32768 (nginx) are open using ufw as well as on my router.

I have checked namecheap for my ip address and DNS forwarding. Everything is ok.

My web server is (include version):
nginx 1.10.3

The operating system my web server runs on is (include version):
debian 9

My hosting provider, if applicable, is:
namecheap

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.28.0

Thanks in advance for your help,

Camaalot

I get this message while running certbot certonly --webroot -d kaufranitz.net -d www.kaufranitz.net --email camaalot@gmail.com -w /var/www/_letsencrypt -n --agree-tos --force-renewal:

Failed authorization procedure. www.kaufranitz.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.kaufranitz.net/.well-known/acme-challenge/It1tYYzBqt1Fd6-w7djQndMSd_mpsdRTQezuMCtcCZs: Timeout during connect (likely firewall problem), kaufranitz.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://kaufranitz.net/.well-known/acme-challenge/TObvU3QmpQL90-fiWaY51HwHxa4lw5H52bL8YFStZqo: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

From one of my systems, I can’t connect to any of those ports, or ping your IP. They all time out.

Are you certain 142.118.213.116 is the correct IP?

Are you able to connect to them from outside your local network? From another customer on the same ISP? From another ISP? From another country?

Are you certain your port forwarding settings are correct?

Are you certain your firewall settings are correct?

Are you certain your ISP isn’t blocking everything?

Edit: For that matter, are you certain there isn’t a major outage?

Hi mnordhoff

Answering some of your questions for now,

Me too, the domain times out when connecting from outside the network.

The ip is correct.

The port forwarding is correct because I can connect to all of those ports from my local network.

Is the ISP blocking? Well, this I don’t know. I’ll have to check.

And, finally, there’s no outage.

Thanks for answering so rapidly,

Camaalot

Here’s the ddclient --query on my machine.

ddclient --query
Can't exec "ifconfig": Aucun fichier ou dossier de ce type at /usr/sbin/ddclient line 1426.
use=web, web=dnspark address is NOT FOUND
use=web, web=dyndns address is 142.118.213.116
use=web, web=loopia address is 142.118.213.116
use=web, web=dynamicdns.park-your-domain.com/getip address is 142.118.213.116
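
Added example, not part of the thread and not certbot's own code: a small parser for the "Failed authorization procedure" text quoted in the first post, turning it into one record per domain with the host and port the validation server tried to reach. The function names `parse_failures` and `triage`, the triage wording, and the assumption that every entry follows the layout of that one quoted message are this example's own.

```python
import re
from urllib.parse import urlsplit

# Failure text from the first post, re-typed here as sample input.
SAMPLE = (
    "Failed authorization procedure. www.kaufranitz.net (http-01): "
    "urn:ietf:params:acme:error:connection :: The server could not connect "
    "to the client to verify the domain :: Fetching http://www.kaufranitz.net"
    "/.well-known/acme-challenge/It1tYYzBqt1Fd6-w7djQndMSd_mpsdRTQezuMCtcCZs: "
    "Timeout during connect (likely firewall problem), kaufranitz.net (http-01): "
    "urn:ietf:params:acme:error:connection :: The server could not connect "
    "to the client to verify the domain :: Fetching http://kaufranitz.net"
    "/.well-known/acme-challenge/TObvU3QmpQL90-fiWaY51HwHxa4lw5H52bL8YFStZqo: "
    "Timeout during connect (likely firewall problem)"
)

# One entry per name: "<domain> (<challenge>): <error URN> :: <summary> :: <detail>"
ENTRY = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): "
    r"urn:ietf:params:acme:error:(?P<kind>\w+) :: (?P<summary>.*?) :: "
    r"(?P<detail>.*?)(?=, [\w.-]+ \([\w-]+\): urn:|$)", re.S)
FETCH = re.compile(r"Fetching (?P<url>\S+?): (?P<reason>.+)", re.S)

def parse_failures(message):
    """Split a certbot authorization failure into one record per domain."""
    records = []
    for m in ENTRY.finditer(message.strip()):
        rec = {"domain": m["domain"], "challenge": m["challenge"],
               "kind": m["kind"], "reason": m["detail"], "host": None, "port": None}
        fetch = FETCH.search(m["detail"])
        if fetch:  # the validation URL shows which host and port the CA dialled
            parts = urlsplit(fetch["url"])
            rec.update(reason=fetch["reason"], host=parts.hostname,
                       port=parts.port or {"http": 80, "https": 443}.get(parts.scheme))
        records.append(rec)
    return records

def triage(rec):
    """Map a record to the check to run next (wording is this example's own)."""
    if rec["kind"] == "connection" and "Timeout during connect" in rec["reason"]:
        return (f"no TCP reply from {rec['host']}:{rec['port']} when dialled from "
                "the internet: test that port from outside the LAN, then check "
                "router forwarding, host firewall and ISP filtering")
    return "not a connect timeout: read the reason text before changing firewall rules"

if __name__ == "__main__":
    for rec in parse_failures(SAMPLE):
        print(rec["domain"], "->", triage(rec))
```

Both records come back as connection timeouts on port 80, which is why a successful connection from inside the local network says nothing about this failure.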