Let’s Encrypt problem

studios · March 4, 2020, 5:10pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: studiosh2o.com

I ran this command:

It produced this output:

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.3.0

Hello,

I’ve been having trouble in my place since yesterday.

It seems that I have a problem with the SSL certificate.

https://www.ssllabs.com/ssltest/analyze.html?d=www.studiosh2o.com

I’ve renewed the certificate and everything is correct. But I don’t understand what’s going on. I thought it was a Let’s Encrypt problem with the certificates and that my site would be affected but when I check in:

https://checkhost.unboundtest.com/

I get the error:

unknown: dial tcp 188.226.194.196:443: i/o timeout

What could be happening?

Thank you all very much for your attention.

mnordhoff · March 4, 2020, 5:18pm

That shows "Assessment failed: Unable to connect to the server" right now.

The checkhost service makes a connection to your site to see what certificate you're using, and apparently it's timing out.

For me, accessing http://www.studiosh2o.com/ works (it returns a redirect to HTTPS) but accessing https://www.studiosh2o.com/ times out.

Maybe there's a firewall blocking port 443 to your website?

studios · March 4, 2020, 5:23pm

nmap -sT -O localhost

it gives me back:

80/tcp open http
443/tcp open https

s a firewall I use iptables

mnordhoff · March 4, 2020, 5:24pm

Can you connect from other parts of the Internet, though?

Edit:

Is DigitalOcean’s Cloud Firewall configured to block port 443?

studios · March 4, 2020, 5:26pm

nmap -sT -O 85.54.194.190 (my ip)

it gives me back:

PORT STATE SERVICE
80/tcp filtered http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp filtered https
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap

mnordhoff · March 4, 2020, 5:27pm

Your website’s IP is 188.226.194.196.

studios · March 4, 2020, 5:30pm

nmap -sT -O 188.226.194.196

it gives me back:

PORT STATE SERVICE
80/tcp open http
443/tcp open https
6666/tcp open irc

I use nmap by SSH on the server 188.226.194.196

mnordhoff · March 4, 2020, 5:36pm

If you ran nmap from the server, that shows that the server can connect to itself. However, other things can’t connect to it.

studios · March 4, 2020, 5:40pm

I don’t understand anything. Until yesterday everything was working fine. And today I find myself with this problem.

I thought it was a Let’s Encrypt problem. Well, today I got an email that said:

Sites Using a Let’s Encrypt TLS Certificate May Throw Security Warnings

How can it be a problem of a closed port if I have not touched anything and until yesterday everything was working correctly?

Rip · March 4, 2020, 5:40pm

Same issue from Oregon, USA
Except both http and https are timing out.
Rip

studios · March 4, 2020, 5:42pm

Then whose problem is it? Let’s Encrypt?

mnordhoff · March 4, 2020, 5:43pm

No. The timing is probably a coincidence. It’s probably some kind of firewall issue. Maybe a networking issue with your host.

Rip · March 4, 2020, 5:50pm

Hi @studios
@mnordhoff is right.

Coincidence.

One correction on my part though.. your http IS working but the timeout occurs after the redirect to https.

Rip

studios · March 4, 2020, 5:52pm

What does that mean?

mnordhoff · March 4, 2020, 5:53pm

It probably means you have a firewall blocking port 443.

studios · March 4, 2020, 5:54pm

But until yesterday everything worked fine and I haven’t touched a thing. How can that be?

Rip · March 4, 2020, 5:57pm

Well something has changed!

Nmap scan report for studiosh2o.com (188.226.194.196)
Host is up (0.16s latency).
rDNS record for 188.226.194.196: frontend.studiosh2o.com
Not shown: 997 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
2222/tcp closed EtherNetIP-1

What that means is your port 443 IS filtered and needs to be opend to the public. (Your firewall most likeky)

Rip

studios · March 4, 2020, 5:59pm

I don’t get it.

Has only port 443 been closed?

I haven’t touched anything!

studios · March 4, 2020, 6:01pm

nmap 188.226.194.196

—>

80/tcp open http
443/tcp open https

Rip · March 4, 2020, 6:03pm

Check with your hosting provider.

@mnordhoff asked Is DigitalOcean’s Cloud Firewall configured to block port 443?

If you see it open on your local network, and we confirm it is closed.... Check with your provider.

Rip

Topic		Replies	Views
Error With Website Certificate Help	7	1303	April 15, 2022
Letsencrypt certificate issue Help	3	393	June 9, 2022
Struggling with certificate Help	3	514	July 18, 2022
容器部署脚本申请ssl证书，直接报错了 Help	26	1416	March 11, 2023
I cant create ssl certificates Help	17	444	June 17, 2024

Let’s Encrypt problem

Related topics