Let's Encrypt suddenly complains about timeout

My domain is:
https://tromkom.no/

I ran this command:
Unsure, but used cert-manager; The issue happens with the Let's Encrypt servers though.
Note: This is the challenge part of cert-manager

It produced this output:
Error accepting authorization: acme: authorization error for tromkom.no: 400 urn:ietf:params:acme:error:connection: Fetching http://tromkom.no/.well-known/acme-challenge/y-ZiKpljVx-nR4II-2heQpY-tYKf-7eciiPJe4TWOMw: Timeout during connect (likely firewall problem)

My web server is (include version):
Using Kubernetes 1.20.x; the actual site that is hosted on https://tromkom.no is using WordPress 5.

The operating system my web server runs on is (include version):
The pod is using Alpine 3.14

I can login to a root shell on my machine:
Yes

I'm using a control panel to manage my site:
No

The version of my client is:
cert-manager 1.3.1 (tried using 1.0.9 and 1.1.0 as well)

Extra information:
The setup had worked for months prior to suddenly breaking down; I asked around in the organization and nothing regarding the setup should've been changed anywhere.

Here is the Let's Encrypt API response: https://acme-v02.api.letsencrypt.org/acme/chall-v3/20629058010/PzyglQ

Do note that I'm able to access the site on port 80/443 without issues. In addition, when I'm using GET requests to the endpoint mentioned in the debug output I get a 404; it does not time out like the response from Let's Encrypt implies.

Well, trying to get to your site times out from both my home network and from my AWS-hosted server. You need your site to be publicly-available on port 80 to use the HTTP-01 challenge. Perhaps your firewall is blocking connections from some parts of the world?

[ec2-user@ip-172-31-23-55 ~]$ curl http://tromkom.no/.well-known/acme-challenge/y-ZiKpljVx-nR4II-2heQpY-tYKf-7eciiPJe4TWOMw:
curl: (28) Failed to connect to tromkom.no port 80: Connection timed out

I'm pretty sure we're not blocking any specific country, I even tried logging into an AWS hosted server of my own and I could run the curl request. If you don't mind me asking, where is your AWS server hosted? I'd like to try and create an instance there myself and see if I can reproduce it.

curl http://tromkom.no/.well-known/acme-challenge/y-ZiKpljVx-nR4II-2heQpY-tYKf-7eciiPJe4TWOMw
<html>
<head><title>308 Permanent Redirect</title></head>
<body>
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx</center>
</body>
</html>

I was testing from region us-east-1 (availability zone use1-az6).

My home network that also couldn't connect is on AS20115 (Charter Communications, a.k.a. Spectrum), also on the east coast of the US.


Thanks, yeah was able to confirm that us-east-1 Zone A does in fact not work.

My server was located in eu-west-3 Zone A.

Thanks a bunch!


It does sound like there's some sort of region-blocking firewall in place, then. Good luck finding the right person who can say "Oh yeah, we turned that on last month" for you :slight_smile:

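The comparison done by hand in this thread (the same challenge URL fetched from eu-west-3 and from us-east-1) can be scripted; this is an added example, not part of any post above. The function names, vantage labels and sample lines are constructed for illustration; exit codes 6, 7 and 28 are curl's own.

```bash
#!/bin/sh
# Run "probe LABEL URL" on hosts in different regions, collect the output
# lines in one file, and pipe that file to "compare".

# classify CURL_EXIT HTTP_STATUS: map a curl result to a verdict.
classify() {
    case "$1" in
        0)  echo "reachable:$2" ;;   # any HTTP answer (404, 308, ...) proves port 80 is open
        6)  echo "dns-failure" ;;    # curl: could not resolve host
        7)  echo "connect-failed" ;; # curl: failed to connect
        28) echo "timeout" ;;        # curl: operation timed out, as seen in the thread
        *)  echo "curl-error:$1" ;;
    esac
}

# probe LABEL URL: print "LABEL<TAB>verdict" for this vantage point.
probe() (
    status=$(curl -s -o /dev/null -w '%{http_code}' \
        --connect-timeout 10 --max-time 20 "$2") && rc=0 || rc=$?
    printf '%s\t%s\n' "$1" "$(classify "$rc" "$status")"
)

# compare: read "LABEL<TAB>verdict" lines on stdin and summarize them.
compare() {
    awk -F '\t' '
        NF < 2            { next }
        $2 ~ /^reachable/ { ok++; next }
                          { bad++; failed = failed " " $1 }
        END {
            if (ok && bad)  print "region-dependent: failing from" failed
            else if (ok)    print "reachable-everywhere"
            else if (bad)   print "unreachable-everywhere"
            else            print "no-data"
        }'
}

# Constructed sample mirroring the two vantage points in the thread.
SAMPLE=$(printf 'eu-west-3\treachable:308\nus-east-1\ttimeout\n')

if [ "$#" -eq 2 ]; then
    probe "$1" "$2"
else
    printf '%s\n' "$SAMPLE" | compare
fi
```

A "region-dependent" result means the HTTP-01 validation can fail even though the site loads from the operator's own network, which points at source-based filtering somewhere in front of port 80.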
