Keep getting timeout error messages: 'An expected error occurred:'

My domain is: multimedia-programmer.com

I ran this command: sudo certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: multimedia-programmer.com
2: www.multimedia-programmer.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
An unexpected error occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 387, in _make_request
six.raise_from(e, None)
File "", line 3, in raise_from
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 383, in _make_request
httplib_response = conn.getresponse()
File "/usr/lib/python3.6/http/client.py", line 1331, in getresponse
response.begin()
File "/usr/lib/python3.6/http/client.py", line 297, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.6/http/client.py", line 258, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/lib/python3.6/socket.py", line 586, in readinto
return self._sock.recv_into(b)
File "/usr/lib/python3.6/ssl.py", line 1012, in recv_into
return self.read(nbytes, buffer)
File "/usr/lib/python3.6/ssl.py", line 874, in read
return self._sslobj.read(len, buffer)
File "/usr/lib/python3.6/ssl.py", line 631, in read
v = self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 440, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 367, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 389, in _make_request
self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 309, in _raise_timeout
raise ReadTimeoutError(self, url, "Read timed out. (read timeout=%s)" % timeout_value)
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

During handling of the above exception, another exception occurred:

requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Ubuntu Server 18.04 Bionic Beaver

My hosting provider, if applicable, is: The domain is bought from namecheap and using their Basic DNS. Hosting is NOT by them.

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

My domain is new and I have never gotten a certificate before. I have already tried temporarily disabling the firewall and ensured ports 80 and 443 are open. A check on https://check-your-website.server-daten.de/?q= returned many ‘No’ results but my website is online.

  1. No IP-Addresses found
  2. No DNSSEC - Informations found
  3. No Nameserver entries found
  4. No SOA entries found

Hi @sparkster

where do you see that result?

There are a lot of checks - https://check-your-website.server-daten.de/?q=multimedia-programmer.com - last is one hour old.

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| multimedia-programmer.com | A | 60.50.130.145 Shah Alam/Selangor/Malaysia (MY) - Tmnet, Telekom Malaysia Bhd. Hostname: 145.130.50.60.jb02-home.tm.net.my | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.multimedia-programmer.com | A | 60.50.130.145 Shah Alam/Selangor/Malaysia (MY) - Tmnet, Telekom Malaysia Bhd. Hostname: 145.130.50.60.jb02-home.tm.net.my | yes | 1 | 0 |
| | AAAA | | yes | | |

Looks like you read results, but the check isn’t finished.

And you have already created a certificate today:

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let’s Encrypt Authority X3 | 2019-07-19 | 2019-10-17 | multimedia-programmer.com, www.multimedia-programmer.com - 2 entries | duplicate nr. 1 | |
| Let’s Encrypt Authority X3 | 2019-07-11 | 2019-10-09 | www.multimedia-programmer.com - 1 entries | | |
| Let’s Encrypt Authority X3 | 2019-07-11 | 2019-10-09 | www.multimedia-programmer.com - 1 entries | | |
| Let’s Encrypt Authority X3 | 2019-07-11 | 2019-10-09 | multimedia-programmer.com - 1 entries | | |
| Let’s Encrypt Authority X3 | 2019-07-11 | 2019-10-09 | multimedia-programmer.com - 1 entries | | |
| Let’s Encrypt Authority X3 | 2019-07-11 | 2019-10-09 | multimedia-programmer.com - 1 entries | | |
| Let’s Encrypt Authority X3 | 2019-07-11 | 2019-10-09 | multimedia-programmer.com - 1 entries | | |
| Let’s Encrypt Authority X3 | 2019-07-11 | 2019-10-09 | multimedia-programmer.com - 1 entries | | |

But your https doesn’t work, looks like a blocking firewall.

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://multimedia-programmer.com/ 60.50.130.145 | 200 | | 0.390 | H |
| http://www.multimedia-programmer.com/ 60.50.130.145 | 200 | | 0.403 | H |
| https://multimedia-programmer.com/ 60.50.130.145 | -2 | | 1.616 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 60.50.130.145:443 | | | | |
| https://www.multimedia-programmer.com/ 60.50.130.145 | -2 | | 1.610 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 60.50.130.145:443 | | | | |

So first step: Check your firewall.

And your hostname - Hostname: 145.130.50.60.jb02-home.tm.net.my - looks like a home server.

So you need correct port forwarding: port 443 external -> port 443 internal.

Hello Juergen, yes - I am home-serving my website at the moment just for learning purposes as I am studying IT.

Thanks a lot for the tip on port 443! It looks like I did not configure my virtual hosts to listen for this port and a quick check on https://canyouseeme.org/ now shows the port is open. As there are already certificates for my website https://crt.sh/?q=%multimedia-programmer.com, what do I need to do next to obtain the https connection? Please guide me so I won’t mess up the system.

What does this say:

certbot certificates

Is there the newest certificate?

What does this say:

apachectl -S

Checking your vHost configuration.

$ certbot certificates
No certs found.

$ apachectl -S
VirtualHost configuration:
*:443 multimedia-programmer.com (/etc/apache2/sites-enabled/multimedia-programmer.com.conf:1)
*:80 multimedia-programmer.com (/etc/apache2/sites-enabled/multimedia-programmer.com.conf:34)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used

Why is this empty? Where are the certificates you have created?

I am not sure, Juergen, as this is new to me. Maybe none of the certificates were installed because it did not pass ALL the challenges due to the timeout error?

To rectify this, is it a good idea to re-create, update or perhaps revoke the old certificates based on the steps listed in the documentation? https://certbot.eff.org/docs/using.html#managing-certificates. If I try again, my hope is that tls-alpn-01 would pass as port 443 is now open followed by dns-01 (assuming that namecheap’s basic DNS has a better chance of passing the challenges than me trying to configure my own DNS).

Here is part of my logs:
"identifier": {
  "type": "dns",
  "value": "www.multimedia-programmer.com"
},
"status": "valid",
"expires": "2019-08-10T08:30:12Z",
"challenges": [
  {
    "type": "http-01",
    "status": "valid",
    "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/cFM0GElu6qSqN9AIBFMos7U5rPj45-YHcgXTycEfA3k/18128222770",
    "token": "-6xN1K93nLG8NT4NAvuCw4AY_nsVOw0B0GjHzKNkHyA",
    "validationRecord": [
      {
        "url": "http://www.multimedia-programmer.com/.well-known/acme-challenge/-6xN1K93nLG8NT4NAvuCw4AY_nsVOw0B0GjHzKNkHyA",
        "hostname": "www.multimedia-programmer.com",
        "port": "80",
        "addressesResolved": [
          "60.50.2.188"
        ],
        "addressUsed": "60.50.2.188"
      }
    ]
  },
  {
    "type": "tls-alpn-01",
    "status": "pending",
    "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/cFM0GElu6qSqN9AIBFMos7U5rPj45-YHcgXTycEfA3k/18128222771",
    "token": "23caaE4Uw8BDECSbbnizHv7pxzxxp0Gji43HR34pAAI"
  },
  {
    "type": "dns-01",
    "status": "pending",
    "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/cFM0GElu6qSqN9AIBFMos7U5rPj45-YHcgXTycEfA3k/18128222774",
    "token": "f8_8zh9oxeobHKqtUNwOxc0USGeB2GM1SzRRIj8BS0U"
  }

You have created a lot of certificates. So if certbot certificates doesn’t show these, you have deleted the certificates.

Never delete active certificates if the private key isn’t compromised. And then never revoke certificates.

Please read the basics

then check the challenge types:

If you use certbot, tls-alpn is irrelevant. If you use --apache, dns-01 is irrelevant.
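
Added illustration, not part of the thread and not Certbot's own code: under RFC 8555 an authorization becomes valid as soon as one of its challenges validates, so "pending" tls-alpn-01 and dns-01 entries beside a valid http-01 are simply unused, not failed. The sample object is constructed (placeholder hostname, tokens and documentation-range addresses) and `summarize_authorization` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like the log excerpt above. Hostname, tokens and
# addresses are placeholders (documentation ranges), not values from the thread.
SAMPLE_AUTHZ = json.loads("""
{
  "identifier": {"type": "dns", "value": "www.example.test"},
  "status": "valid",
  "expires": "2019-08-10T08:30:12Z",
  "challenges": [
    {"type": "http-01", "status": "valid", "token": "PLACEHOLDER-1",
     "validationRecord": [{"hostname": "www.example.test", "port": "80",
                           "addressesResolved": ["192.0.2.10"],
                           "addressUsed": "192.0.2.10"}]},
    {"type": "tls-alpn-01", "status": "pending", "token": "PLACEHOLDER-2"},
    {"type": "dns-01", "status": "pending", "token": "PLACEHOLDER-3"}
  ]
}
""")


def summarize_authorization(authz, expected_ips=()):
    """Hypothetical helper: report how an ACME authorization was satisfied."""
    challenges = authz.get("challenges", [])
    validated = [c for c in challenges if c.get("status") == "valid"]
    # Addresses the CA actually connected to while validating.
    used = sorted({rec["addressUsed"]
                   for c in validated
                   for rec in c.get("validationRecord", [])
                   if "addressUsed" in rec})
    return {
        "identifier": authz["identifier"]["value"],
        # One valid challenge is enough; the authorization status reflects that.
        "authorized": authz.get("status") == "valid",
        "validated_by": [c["type"] for c in validated],
        "unused": [c["type"] for c in challenges if c.get("status") == "pending"],
        "failed": [(c["type"], c.get("error", {}).get("detail"))
                   for c in challenges if c.get("status") == "invalid"],
        "validated_from": used,
        # Only checked when the caller supplies the addresses it expects.
        "unexpected_ips": [ip for ip in used
                           if expected_ips and ip not in expected_ips],
    }


if __name__ == "__main__":
    print(json.dumps(summarize_authorization(SAMPLE_AUTHZ, ("192.0.2.10",)), indent=2))
```

Passing the address you expect your A record to point at as `expected_ips` flags a validation that reached a different host, which is worth checking on a connection whose public address changes.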
