Fetching Timeout

My domain is: wigoltingen.schaelchli.ch

I ran this command: certbot-auto renew -v

It produced this output:
nolink=https


Sending GET request to nolink://acme-v01.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
nolink://acme-v01.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 561
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 561
Replay-Nonce: 0gE_Sf8ID0tzzyfWMG1n-mSpIY06SgSTLSaud01loic
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 07 Oct 2017 12:10:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 07 Oct 2017 12:10:49 GMT
Connection: keep-alive

{
“Kp8XL5LKoag”: “nolink://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417”,
“key-change”: “nolink://acme-v01.api.letsencrypt.org/acme/key-change”,
“meta”: {
“terms-of-service”: “nolink://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf”
},
“new-authz”: “nolink://acme-v01.api.letsencrypt.org/acme/new-authz”,
“new-cert”: “nolink://acme-v01.api.letsencrypt.org/acme/new-cert”,
“new-reg”: “nolink://acme-v01.api.letsencrypt.org/acme/new-reg”,
“revoke-cert”: “nolink://acme-v01.api.letsencrypt.org/acme/revoke-cert”
}
Renewing an existing certificate
Requesting fresh nonce
Sending HEAD request to nolink://acme-v01.api.letsencrypt.org/acme/new-authz.
nolink://acme-v01.api.letsencrypt.org:443 “HEAD /acme/new-authz HTTP/1.1” 405 0
Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Replay-Nonce: ePdN55WC6iaihnqySzBT32j3x4BfHkkexPTLTrfnPVA
Expires: Sat, 07 Oct 2017 12:10:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 07 Oct 2017 12:10:49 GMT
Connection: keep-alive

Performing the following challenges:
http-01 challenge for wigoltingen.schaelchli.ch
Creating root challenges validation dir at /var/www/ssl.req/.well-known/acme-challenge
Attempting to save validation to /var/www/ssl.req/.well-known/acme-challenge/sCI44mNzdLCZg1iXpH-RpXQsf3_ci6o47b6N8dvTlkY
Waiting for verification…

Sending GET request to nolink://acme-v01.api.letsencrypt.org/acme/authz/Fg3b0UMDE-o-vl2E65xZqky_NCtLFnO7ESdiu4vSNGs.
nolink://acme-v01.api.letsencrypt.org:443 “GET /acme/authz/Fg3b0UMDE-o-vl2E65xZqky_NCtLFnO7ESdiu4vSNGs HTTP/1.1” 200 1759
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1759
Link: nolink://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: I7c6A7bUK0FUnOcVJw3Wk8TfMIPlh8bJg60aSFSYItI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 07 Oct 2017 12:10:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 07 Oct 2017 12:10:57 GMT
Connection: keep-alive

{
“identifier”: {
“type”: “dns”,
“value”: “wigoltingen.schaelchli.ch
},
“status”: “invalid”,
“expires”: “2017-10-14T12:10:50Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“uri”: “nolink://acme-v01.api.letsencrypt.org/acme/challenge/Fg3b0UMDE-o-vl2E65xZqky_NCtLFnO7ESdiu4vSNGs/2150071447”,
“token”: “8vD3g3dTwK2YL4uHUsVnBx6SwcHYcdLS1EnpMdiYnCE”
},
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:connection”,
“detail”: “Fetching http://wigoltingen.schaelchli.ch/.well-known/acme-challenge/sCI44mNzdLCZg1iXpH-RpXQsf3_ci6o47b6N8dvTlkY: Timeout”,
“status”: 400
},
“uri”: “nolink://acme-v01.api.letsencrypt.org/acme/challenge/Fg3b0UMDE-o-vl2E65xZqky_NCtLFnO7ESdiu4vSNGs/2150071457”,
“token”: “sCI44mNzdLCZg1iXpH-RpXQsf3_ci6o47b6N8dvTlkY”,
“keyAuthorization”: “sCI44mNzdLCZg1iXpH-RpXQsf3_ci6o47b6N8dvTlkY.P4g78kig4VWlE5t408I7yIz16LwHP5rhbCT2pOWrBuE”,
“validationRecord”: [
{
“url”: “http://wigoltingen.schaelchli.ch/.well-known/acme-challenge/sCI44mNzdLCZg1iXpH-RpXQsf3_ci6o47b6N8dvTlkY”,
“hostname”: “wigoltingen.schaelchli.ch”,
“port”: “80”,
“addressesResolved”: [
“212.203.43.46”
],
“addressUsed”: “212.203.43.46”,
“addressesTried”: []
}
]
},
{
“type”: “tls-sni-01”,
“status”: “pending”,
“uri”: “nolink://acme-v01.api.letsencrypt.org/acme/challenge/Fg3b0UMDE-o-vl2E65xZqky_NCtLFnO7ESdiu4vSNGs/2150071462”,
“token”: “ZQ_YkzmXSRdsTIysesyiplFT3PIA0psxxY-o1eD1Oko”
}
],
“combinations”: [
[
2
],
[
0
],
[
1
]
]
}

My web server is (include version): nginx/1.6.2

The operating system my web server runs on is (include version): Debian 3.16.43-2 jessie

My hosting provider, if applicable, is: My ISP is leucom.ch

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I can get the letsencrypt verification-File via SSH and WGET on a Server in France (no Timeout).
Script:
#!/bin/bash

while :
do
sleep 1
file=$(ls /var/www/ssl.req/.well-known/acme-challenge/ 2>/dev/null)
f_o=$(echo $file | grep -e “.{1,}” | wc -l)
if [ $f_o -eq 1 ]
then
echo "$f_o ==> $file"
break;
fi
done

ssh user@server “wget http://wigoltingen.schaelchli.ch/.well-known/acme-challenge/${file}

HTTP and HTTPS are unresponsive for wigoltingen.schaelchli.ch (212.203.43.46).
Is your firewall open?

It was only a Test. The Port are now re-open for http

HTTP Test Page
https was on special Port and now also on normal Port.
Testpage with https://de.hideproxy.me is successful.

nourl://wigoltingen.schaelchli.ch/.well-known/test.html
and
nourl://wigoltingen.schaelchli.ch/.well-known/acme-challenge/test.html
both fail from my systems...

Is there any other inline device/process that would stop inbound HTTP/HTTPS connections?
IPS...

I have only a Firewall (www.ipfire.org) and the Device with the nginx has no extra Firewall.

On my Server in France (nourl=http;nourls=https):
wget nourl://wigoltingen.schaelchli.ch/.well-known/test.html
converted ‘nourl://wigoltingen.schaelchli.ch/.well-known/test.html’ (ANSI_X3.4-19 68) -> ‘nourl://wigoltingen.schaelchli.ch/.well-known/test.html’ (UTF-8)
–2017-10-07 22:23:43-- nourl://wigoltingen.schaelchli.ch/.well-known/test.html
Resolving wigoltingen.schaelchli.ch (wigoltingen.schaelchli.ch)… 212.203.43.46
Connecting to wigoltingen.schaelchli.ch (wigoltingen.schaelchli.ch)|212.203.43.4 6|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 14 [text/html]
Saving to: ‘test.html’

test.html 100%[=====================>] 14 --.-KB/s in 0s

2017-10-07 22:23:43 (3.54 MB/s) - ‘test.html’ saved [14/14]

wget --no-check-certificate nourls://wigoltingen.schaelchli.ch/.well-known/test.html
converted ‘nourls://wigoltingen.schaelchli.ch/.well-known/test.html’ (ANSI_X3.4-1968) -> ‘nourls://wigoltingen.schaelchli.ch/.well-known/test.html’ (UTF-8)
–2017-10-07 22:25:30-- nourls://wigoltingen.schaelchli.ch/.well-known/test.html
Resolving wigoltingen.schaelchli.ch (wigoltingen.schaelchli.ch)… 212.203.43.46
Connecting to wigoltingen.schaelchli.ch (wigoltingen.schaelchli.ch)|212.203.43.46|:443… connected.
WARNING: The certificate of ‘wigoltingen.schaelchli.ch’ is not trusted.
WARNING: The certificate of ‘wigoltingen.schaelchli.ch’ has expired.
The certificate has expired
HTTP request sent, awaiting response… 200 OK
Length: 14 [text/html]
Saving to: ‘test.html.1’

test.html.1 100%[===========================================================================================>] 14 --.-KB/s in 0s

2017-10-07 22:25:30 (23.5 MB/s) - ‘test.html.1’ saved [14/14]

Has my ISP a GEO-IP block System?
Can you ping me wigoltingen.schaelchli.ch ?
ping wigoltingen.schaelchli.ch
PING wigoltingen.schaelchli.ch (212.203.43.46) 56(84) bytes of data.
64 bytes from cust.dynamic.leunet.ch (212.203.43.46): icmp_seq=1 ttl=53 time=28.0 ms
64 bytes from cust.dynamic.leunet.ch (212.203.43.46): icmp_seq=2 ttl=53 time=29.0 ms
64 bytes from cust.dynamic.leunet.ch (212.203.43.46): icmp_seq=3 ttl=53 time=31.1 ms

Now it’s done, but i don’t know why!??!

I now get 401 for both HTTP and HTTPS:

wget nourl://wigoltingen.schaelchli.ch/
–2017-10-07 20:38:45-- nourl://wigoltingen.schaelchli.ch/
Resolving wigoltingen.schaelchli.ch (wigoltingen.schaelchli.ch)… 212.203.43.46
Connecting to wigoltingen.schaelchli.ch (wigoltingen.schaelchli.ch)|212.203.43.46|:80… connected.
nourl request sent, awaiting response… 401 Unauthorized
Username/Password Authentication Failed.

wget nourls://wigoltingen.schaelchli.ch/
–2017-10-07 20:38:52-- nourls://wigoltingen.schaelchli.ch/
Resolving wigoltingen.schaelchli.ch (wigoltingen.schaelchli.ch)… 212.203.43.46
Connecting to wigoltingen.schaelchli.ch (wigoltingen.schaelchli.ch)|212.203.43.46|:443… connected.
nourl request sent, awaiting response… 401 Unauthorized
Username/Password Authentication Failed.

All directorys without .well-known was protectet. That’s ok.
But why you and the letsencrypt server can’t connect to my Webserver is mysterious.
Thanks for the Help. Now i close the normal Ports.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.