Help with ssl with apache2

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: customserver.me

I ran this command: sudo certbot --apache -d customserver.me -d www.customserver.me

It produced this output:
austin@mc:~$ sudo certbot --apache -d customserver.me -d www.customserver.me
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for customserver.me
http-01 challenge for www.customserver.me
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. customserver.me (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://customserver.me/.well-known/acme-challenge/llO5TDCX0nM6ps2MNwBxBHotkDX03lFEXyk0qMea7aU: Timeout during connect (likely firewall problem), www.customserver.me (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.customserver.me/.well-known/acme-challenge/JJa1NH1exLUQgzimrBl7Qr_D1SKcmFsa_1Wo9_9JI90: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: customserver.me
    Type: connection
    Detail: Fetching
    http://customserver.me/.well-known/acme-challenge/llO5TDCX0nM6ps2MNwBxBHotkDX03lFEXyk0qMea7aU:
    Timeout during connect (likely firewall problem)

    Domain: www.customserver.me
    Type: connection
    Detail: Fetching
    http://www.customserver.me/.well-known/acme-challenge/JJa1NH1exLUQgzimrBl7Qr_D1SKcmFsa_1Wo9_9JI90:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

My web server is (include version): apache2.4.29

The operating system my web server runs on is (include version): Xubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

I am extremely new to SSL please go easy on me. :wink:

1 Like

Is the site accessible from the Internet?
[port 80 needs to be open for the validation to succeed]

1 Like

Yes, port 80 is open; it works when you type in the IP but not the domain name for some reason.
173.216.36.24

1 Like

I’m now outside my network and it’s now not wanting to work… would it be possible that my ISP is blocking port 80? Suddenlink communications?

2 Likes

ISPs blocking port 80 is quite common. It's definitely possible.

Just spoke with them. They did not have anything blocked. Could it be my router?

1 Like

Hi @AustinL321

Checking your IP, there is no port 80 answer - https://check-your-website.server-daten.de/?q=173.216.36.24

Domainname                                                                          IP              Http-Status  redirect  Sec.    G
• http://173.216.36.24/                                                              173.216.36.24   -14                    10.050  T   Timeout - The operation has timed out
• https://173.216.36.24/                                                             173.216.36.24   -14                    10.060  T   Timeout - The operation has timed out
• http://173.216.36.24/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de   173.216.36.24   -14                    10.060  T   Timeout - The operation has timed out

Only timeouts.

So if your ISP doesn't block port 80, your router configuration is wrong or there is a blocking firewall.

Port 80 extern -> port 80 intern is required.

2 Likes

Once I’m home I will look at my firewall rules and figure out what is going on.

1 Like

I will post with an update on my firewall rules

2 Likes

UFW RULES:
root@mc:/var/www# ufw status
Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
22                         ALLOW       Anywhere
53                         ALLOW       Anywhere
Apache Full                ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
80 (v6)                    ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
53 (v6)                    ALLOW       Anywhere (v6)
Apache Full (v6)           ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)

Router firewall:
Minecraft Server   External port: 25565-25565   Internal port: 25565-25565
HTTP               External port: 80-80         Internal port: 80-80

These are my router and server firewalls.

1 Like

Did your internal IP change?
[or did your external IP change?]

Based on your configs, the router should connect
REAL_IP:80 to INTERNAL_IP:80
REAL_IP:25565 to INTERNAL_IP:25565

But neither one connects to anything.

You might want to go ahead and add:
HTTPS External port: 443-443 Internal port 443-443
[if you are going to use it]

1 Like
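The two replies above boil down to the checks the validator's error text asks for: the A records of the apex and www names must point at the server's public IP, and the forwarded ports must accept a TCP connection from outside. Here is an added Python pre-flight that runs those checks before re-running certbot; it is not from this thread or from Certbot, the domain and IP are the thread's own, and the names `real_resolve`, `real_connect` and `diagnose_http01` are mine, with the resolver and connector injectable so the logic can be exercised offline.

```python
import socket
from typing import Callable, List

# Constructed values modelled on the thread; substitute your own domain and
# the public IP that `curl -4 https://ifconfig.me/` returns from the server.
DOMAIN = "customserver.me"
EXPECTED_IP = "173.216.36.24"

def real_resolve(host: str) -> List[str]:
    """IPv4 addresses DNS returns for host (empty list if none)."""
    try:
        infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def real_connect(ip: str, port: int, timeout: float = 10.0) -> bool:
    """True when a TCP handshake to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False

def diagnose_http01(domain: str, expected_ip: str, ports=(80, 443),
                    resolve: Callable[[str], List[str]] = real_resolve,
                    connect: Callable[[str, int], bool] = real_connect) -> List[str]:
    """Check DNS for the apex and www names, then TCP reachability of each
    resolved address on the ports the router should forward.
    Returns a list of findings; an empty list means every check passed."""
    findings: List[str] = []
    seen = set()
    for host in (domain, "www." + domain):
        addrs = resolve(host)
        if not addrs:
            findings.append(f"{host}: no A record")
        elif expected_ip not in addrs:
            findings.append(f"{host}: A record {addrs} != public IP {expected_ip}")
        seen.update(addrs)
    for ip in sorted(seen):
        for port in ports:
            if not connect(ip, port):
                findings.append(f"{ip}:{port}: TCP connect timed out/refused "
                                f"(check router forward {port}->{port} and ufw)")
    return findings
```

Run `diagnose_http01(DOMAIN, EXPECTED_IP)` from outside your LAN, e.g. over a phone hotspot: from inside, NAT hairpinning can make the public IP unreachable even when the port forward is correct, which is exactly the "works internally, fails externally" symptom in this thread.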

Like this?

1 Like

Checking your ssh port:

telnet 173.216.36.24 23

That answers. So your port rules should be correct.

Does your http work internally?

What does

apachectl -S

say?

1 Like

Windows Terminal

austin@mc:~$ apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used
austin@mc:~$

And yes, internally it works.

1 Like

What is the internal IP of the web server?
[it should match the router setting: 10.10.10.2]

What is returned by the web server for:
curl -4 https://ifconfig.me/
[it should match the DNS resolution: 173.216.36.24]

1 Like

173.216.36.24 is returned by that command. I have checked that a few times, thinking that was the problem.

1 Like

1:50AM sorry if I speak in wired hycose

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.