Failed authorization procedure

Hello.

I know this has been asked and solved/not solved many times in this forum and others too. I have looked at all I could find for 2-3 days and nothing worked.

I have a very strange case, where I have 5 websites running on my self-hosted server, configured with Apache virtual hosts. I have generated certs for all of them a few month ago. Everything was just fine and working correctly.

3 days ago, only one of my websites, rebelscience.club, suddenly has a certificate issue and does not work through https any more. I did not change a thing. It just stopped working. Now I can’t renew it.

5 Domains on my server:

My domain is: rebelscience.club

I ran this command: sudo certbot --apache

It produced this output:

Waiting for verification...
Cleaning up challenges
Failed authorization procedure. rebelscience.club (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://rebelscience.club/.well-known/acme-challenge/okVHy5bhBFtgugtEaJ74tEmKmHH0pXknmf8thyTuB9I: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: rebelscience.club
   Type:   connection
   Detail: Fetching
   http://rebelscience.club/.well-known/acme-challenge/okVHy5bhBFtgugtEaJ74tEmKmHH0pXknmf8thyTuB9I:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version):
apache2

The operating system my web server runs on is (include version):

Debian GNU/Linux 10 (buster) x86_64
Kernel: 5.5.0-0.bpo.2-amd64

My hosting provider, if applicable, is:
self-hosted

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

Regards.

1 Like

Indeed it is not possible to connect to your server on port 80 (HTTP) - it times out. Let’s Encrypt’s HTTP validation method relies on this port being accessible.

You can verify this by using a site such as https://portchecker.co. Compare port 80 with port 443.

Are you sure that you have not changed any of your port forwarding, or configured any firewalls on your Linux server?

1 Like

Alright. Something super odd happened.

I definitely did not touch any configs since I have my setup working. I did check all the port forwarding by LOOKING at the list, not testing the ports. Odd thing is, all ports, including 80 and 443 where, of course, there, but 80 was no accessible (when tested with the website you provided). So I removed it and added the forwarding again and it fixed it.

Looks like some kind of bug happened in my router configuration. This could have good for days if I just did not remove the exiting forwarding and added it again.

Router is TP-Link Archer C6.

Thanks!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.