Hi all! A few weeks ago we landed a change to Boulder to improve the validation errors it presents in timeout cases. Now it will say either “Timeout during connect (likely firewall problem)” or “Timeout after connect (your server may be slow or overloaded)”. The former is by far the most common. In the process, we found an interesting race condition that was causing us to mis-handle timeouts during HTTP-01 validations that timed out on an IPv6 address: those validations wouldn’t proceed to fall back to IPv4 as we intended, and would also report the wrong error. That’s now fixed.
Hopefully these changes make it easier for people to figure out their exact problems, and also easier to help them. I’ll be curious to know if they usually make sense. For instance, the “likely firewall problem” could also be “you have the wrong IP address, and it’s unrouteable,” but that seems less common. Please let me know if you spot a lot of cases in the forum contradicting this! One example I just saw: Someone’s ISP was blocking port 80. I think this is probably close enough to a firewall problem that the message reasonably covers it.
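The connect/after-connect distinction described above, as an added Go example that is not part of the original post and not Boulder's code. The function names `classifyTimeout` and `probeSilent`, the choice to split on `net.OpError.Op`, and the constructed error and local listener are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
	"time"
)

// classifyTimeout picks the post's message; assumption: phase = net.OpError.Op.
func classifyTimeout(err error) string {
	var ne net.Error
	if !errors.As(err, &ne) || !ne.Timeout() {
		return "" // not a timeout (refused, reset, nil, ...)
	}
	var op *net.OpError
	if errors.As(err, &op) && op.Op == "dial" {
		return "Timeout during connect (likely firewall problem)"
	}
	return "Timeout after connect (your server may be slow or overloaded)"
}

// probeSilent connects to a constructed local listener that completes the TCP
// handshake (kernel backlog) but never answers, then waits for a first byte.
func probeSilent(timeout time.Duration) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	conn, err := net.DialTimeout("tcp", ln.Addr().String(), timeout)
	if err != nil {
		return err
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(timeout))
	if _, err = conn.Write([]byte("GET / HTTP/1.0\r\n\r\n")); err == nil {
		_, err = conn.Read(make([]byte, 1))
	}
	return err
}

func main() {
	// Constructed error standing in for a connect attempt whose SYN is dropped.
	dropped := &net.OpError{Op: "dial", Net: "tcp", Err: os.ErrDeadlineExceeded}
	fmt.Println(classifyTimeout(dropped))
	fmt.Println(classifyTimeout(probeSilent(200 * time.Millisecond)))
}
```

A refused or reset connection is not a timeout and falls through to the empty string, so it would need its own message.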