Periodic connection timeout

Hello!

I have a number of self-hosted services running on the same public IP (Russian) with different domain names. This setup has worked fine for years. Now, when I try to issue/update certificates, I get a periodic error: "Timeout during connect (likely firewall problem)".

These errors appear periodically for the same IP address. The same request may fail one time and succeed another time.

The same problem occurs with acme.sh's nginx and standalone modes.

From the symptoms, it looks like my IP might be blocked by some of the Multi-Perspective validation servers. How can I solve this problem or check that I'm blocked from using Let's Encrypt?

  • My domains are:
  • I ran this command:
    acme.sh --issue \
      -d openproject.accel.ru \
      -d nextcloud.accel.ru \
      -d git.accel.ru \
      --standalone \
      --cert-file /etc/ssl/certs/cert.pem \
      --key-file /etc/ssl/private/key.pem
    
  • It produced this output:
    Sometimes, for about 50% of the requests, I get the "Timeout during connect (likely firewall problem)" error
  • My web server is: nginx 1.23.3; socat
  • The operating system my web server runs on is Debian 12.9 (stable; Bookworm)
  • My application is self-hosted, Docker-based
  • I can log in to a root shell on my machine
  • I'm not using a control panel to manage my site
  • The version of my client is: acme.sh v3.0.5

I think your issue isn't anything specific to Let's Encrypt; your site just doesn't always respond. I tried a test site that connects from multiple places around the world, and it regularly showed several not working, but as you say it's intermittent and different ones working at different times. I'm guessing you might have some firewall or router which isn't keeping up with the traffic or has a loose cable or otherwise has some intermittent problem, or maybe is trying to be too "smart" for its own good.

4 Likes
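A server-side way to narrow down where the intermittent drops described above happen, as an added example that is not part of the thread: a validation attempt that times out during connect never reaches nginx and leaves no access-log line, so a challenge token fetched by fewer sources than the others points to loss in front of the web server. It assumes the nginx "combined" log format; the function names, the `expected` parameter and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

UA = "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

def _line(ip, path):
    # Build one constructed access-log line in nginx "combined" format.
    return (f'{ip} - - [01/Mar/2025:10:00:01 +0000] '
            f'"GET {path} HTTP/1.1" 200 87 "-" "{UA}"')

# Constructed sample (documentation IP ranges, made-up tokens), not from the thread:
# tokA was fetched from four sources, tokB only from two.
SAMPLE_LOG = "\n".join(
    [_line(ip, "/.well-known/acme-challenge/tokA")
     for ip in ("198.51.100.1", "203.0.113.5", "192.0.2.7", "198.51.100.99")]
    + [_line(ip, "/.well-known/acme-challenge/tokB")
       for ip in ("198.51.100.1", "192.0.2.7")]
    + [_line("203.0.113.77", "/index.html")]  # unrelated request, ignored
)

CHALLENGE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"GET /\.well-known/acme-challenge/(?P<token>[A-Za-z0-9_-]+) [^"]*" \d{3} '
)

def sources_per_token(log_text):
    """Map each challenge token to the set of client IPs that fetched it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = CHALLENGE_RE.match(line)
        if m:
            seen[m["token"]].add(m["ip"])
    return dict(seen)

def short_tokens(log_text, expected=None):
    """Return {token: source_count} for tokens seen by fewer than `expected` sources.

    `expected` defaults to the largest count observed in the log, because the
    number of validation vantage points is not stated in the thread.
    """
    counts = {t: len(ips) for t, ips in sources_per_token(log_text).items()}
    if expected is None:
        expected = max(counts.values(), default=0)
    return {t: n for t, n in counts.items() if n < expected}

if __name__ == "__main__":
    for token, n in short_tokens(SAMPLE_LOG).items():
        print(f"{token}: reached by only {n} source(s)")
```

This applies to acme.sh's nginx mode, where nginx serves the challenge; in standalone mode the listener is not nginx and there is no such access log to read.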

Thanks! I'll continue my investigations.

3 Likes