Let’s Encrypt problem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: studiosh2o.com

I ran this command:

It produced this output:

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.3.0


I’ve been having trouble in my place since yesterday.

It seems that I have a problem with the SSL certificate.


I’ve renewed the certificate and everything is correct. But I don’t understand what’s going on. I thought it was a Let’s Encrypt problem with the certificates and that my site would be affected but when I check in:


I get the error:

unknown: dial tcp i/o timeout

What could be happening?

Thank you all very much for your attention.

That shows “Assessment failed: Unable to connect to the server” right now.

The checkhost service makes a connection to your site to see what certificate you’re using, and apparently it’s timing out.

For me, accessing http://www.studiosh2o.com/ works (it returns a redirect to HTTPS) but accessing https://www.studiosh2o.com/ times out.

Maybe there’s a firewall blocking port 443 to your website?

nmap -sT -O localhost

it gives me back:

80/tcp open http
443/tcp open https

s a firewall I use iptables

Can you connect from other parts of the Internet, though?


Is DigitalOcean’s Cloud Firewall configured to block port 443?

nmap -sT -O (my ip)

it gives me back:

80/tcp filtered http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp filtered https
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap

Your website’s IP is

nmap -sT -O

it gives me back:

80/tcp open http
443/tcp open https
6666/tcp open irc

I use nmap by SSH on the server

If you ran nmap from the server, that shows that the server can connect to itself. However, other things can’t connect to it.


I don’t understand anything. Until yesterday everything was working fine. And today I find myself with this problem.

I thought it was a Let’s Encrypt problem. Well, today I got an email that said:

Sites Using a Let’s Encrypt TLS Certificate May Throw Security Warnings

How can it be a problem of a closed port if I have not touched anything and until yesterday everything was working correctly?

Same issue from Oregon, USA
Except both http and https are timing out.

Then whose problem is it? Let’s Encrypt?

No. The timing is probably a coincidence. It’s probably some kind of firewall issue. Maybe a networking issue with your host.

1 Like

Hi @studios
@mnordhoff is right.


One correction on my part though… your http IS working but the timeout occurs after the redirect to https.


What does that mean?

It probably means you have a firewall blocking port 443.

But until yesterday everything worked fine and I haven’t touched a thing. How can that be?

Well something has changed!

Nmap scan report for studiosh2o.com (
Host is up (0.16s latency).
rDNS record for frontend.studiosh2o.com
Not shown: 997 filtered ports
22/tcp   open   ssh
80/tcp   open   http
2222/tcp closed EtherNetIP-1

What that means is your port 443 IS filtered and needs to be opend to the public. (Your firewall most likeky)


I don’t get it.

Has only port 443 been closed?

I haven’t touched anything!



80/tcp open http
443/tcp open https

Check with your hosting provider.

@mnordhoff asked Is DigitalOcean’s Cloud Firewall configured to block port 443?

If you see it open on your local network, and we confirm it is closed… Check with your provider.