Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command: sudo certbot --apache -d customserver.me -d www.customserver.me
It produced this output:
austin@mc:~$ sudo certbot --apache -d customserver.me -d www.customserver.me
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for customserver.me
http-01 challenge for www.customserver.me
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. customserver.me (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://customserver.me/.well-known/acme-challenge/llO5TDCX0nM6ps2MNwBxBHotkDX03lFEXyk0qMea7aU: Timeout during connect (likely firewall problem), www.customserver.me (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.customserver.me/.well-known/acme-challenge/JJa1NH1exLUQgzimrBl7Qr_D1SKcmFsa_1Wo9_9JI90: Timeout during connect (likely firewall problem)
The following errors were reported by the server:
Timeout during connect (likely firewall problem)
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
My web server is (include version):apache2.4.29
The operating system my web server runs on is (include version):Xubuntu 18.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
using Certbot): certbot 0.31.0
I am extremely new to SSL, please go easy on me.
Is the site accessible from the Internet?
[port 80 needs to be open for the validation to succeed]
Yes, port 80 is open. It works when you type in the IP but not the domain name for some reason.
I’m now outside my network and it is now not wanting to work… would it be possible that my ISP is blocking port 80? Suddenlink communications?
ISPs blocking port 80 is quite common. It's definitely possible.
Just spoke with them. They did not have anything blocked. Could it be my router?
Checking your IP, there is no port 80 answer -
So if your ISP doesn't block port 80, your router configuration is wrong or there is a blocking firewall.
Port 80 external -> port 80 internal is required.
Once I’m home I will look at my firewall rules and figure out what is going on.
I will post with an update on my firewall rules
root@mc:/var/www# ufw status
To Action From
80 ALLOW Anywhere
22 ALLOW Anywhere
53 ALLOW Anywhere
Apache Full ALLOW Anywhere
443/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443 ALLOW Anywhere
80 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
53 (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
Minecraft Server External port: 25565-25565 Internal port: 25565-25565
HTTP External port: 80-80 Internal port 80-80
These are my router and server firewalls
Did your internal IP change?
[or did your external IP change?]
Based on your configs, the router should connect
REAL_IP:80 to INTERNAL_IP:80
REAL_IP:25565 to INTERNAL_IP:25565
But neither one connects to anything.
You might want to go ahead and add:
HTTPS External port: 443-443 Internal port 443-443
[if you are going to use it]
Checking your ssh port
telnet 18.104.22.168 23
that answers. So your port rules should be correct.
Does your HTTP work internally?
austin@mc:~$ apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
*:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used
And yes, internally it works.
What is the internal IP of the web server?
[it should match the router setting: 10.10.10.2]
What is returned by the web server for:
curl -4 https://ifconfig.me/
[it should match the DNS resolution: 22.214.171.124]
126.96.36.199 returns back using that command. I have checked that a few times thinking that was the problem.
1:50AM sorry if I speak in weird hycose
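The checks walked through in this thread (DNS A record against the public IP, Apache answering locally, port 80 reachable through the router), collected into one pre-flight script to run before `certbot --apache`. This is an added example, not part of the original thread; the function names `diagnose_http01`, `probe` and `preflight` and the `/preflight` path segment are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage for an http-01 "Timeout during connect" failure.

# Pure decision logic, in the order the thread checks things.
# Args: <dns_ip> <public_ip> <local_http: ok|fail> <external_http: ok|fail>
diagnose_http01() {
  local dns_ip="$1" public_ip="$2" local_http="$3" external_http="$4"
  if [ -z "$dns_ip" ]; then
    echo "dns-missing: no A record resolves for the domain"
  elif [ "$dns_ip" != "$public_ip" ]; then
    echo "dns-mismatch: A record '$dns_ip' is not the public IP '$public_ip'"
  elif [ "$local_http" != ok ]; then
    echo "webserver-down: nothing answers on port 80 on the server itself"
  elif [ "$external_http" != ok ]; then
    echo "blocked-upstream: check router forward 80->80, host firewall, ISP"
  else
    echo "ready: port 80 answers on the address the CA will connect to"
  fi
}

# Prints ok if any HTTP response arrives (a 404 still proves connectivity).
probe() {
  if curl -4 -s -o /dev/null --connect-timeout 10 "$@"; then
    echo ok
  else
    echo fail
  fi
}

# Gathers the real values; run on the web server itself.
preflight() {
  local domain="$1" dns_ip public_ip
  dns_ip=$(dig +short A "$domain" | grep -E '^[0-9.]+$' | head -n1)
  public_ip=$(curl -4 -s --connect-timeout 10 https://ifconfig.me/)
  # The second probe only crosses the router if it supports NAT loopback,
  # so repeat it from an outside connection before trusting an "ok".
  diagnose_http01 "$dns_ip" "$public_ip" \
    "$(probe -H "Host: $domain" http://127.0.0.1/)" \
    "$(probe "http://$domain/.well-known/acme-challenge/preflight")"
}

# Usage: ./preflight.sh customserver.me
if [ "$#" -gt 0 ]; then
  preflight "$1"
fi
```

The situation reported above (DNS matches, Apache works internally, external connect times out) yields `blocked-upstream`.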