Http validation failing and no attempt seen in firewall logs on port 80

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:.com

I ran this command:certbot certonly --manual

It produced this output:
Timeout during connect (likely firewall problem)

My web server is (include version):
Apache

The operating system my web server runs on is (include version):
Ubuntu 22.04

My hosting provider, if applicable, is:
n/a

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 1.21.0

I have been attempting to validate the domain in various ways with no success and have resorted to --manual, I have created the files requested and can access them myself via port80 http and see the log on both firewall, and a tcpdump on the server but never see an attempt from the letsencrypt validation and so get the "Timeout during connect (likely firewall problem)"

Now I know this sound like it has to be firewall related but I am being assured by the team there is nothing blocking this connectivity so seems really strange.

Any ideas?

Without an actual domain name we cannot give specific advice. If you can access files with HTTP from outside your network but Let's Encrypt cannot then there may be a firewall doing blocking by geography, ip address, or user-agent.

Try the Let's Debug test site. It tests connectivity a couple ways. You should see requests in your logs from the test site itself and the Let's Encrypt staging system which it also uses. Click its "Show Verbose Information" on its results page.
https://letsdebug.net

4 Likes

Maybe you need a better team - LOL

3 Likes

My guess would be that the domain does not point to the server/network that you expect it does, and that's why it doesn't hit your firewall either. Check your domain using letsdebug first as this will also tell you if for instance you have conflicting IPv4 and IPv6 server resolution which is another common problem.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.