Problem creating a new certificate: error 400 timeout during connect


My domain is: http://dev-smartvet.exerom.com/

I ran this command: sudo /opt/bitnami/bncert-tool

It produced this output:

An error occurred creating certificates with Let's Encrypt:

2023/10/18 12:12:07 [INFO] [dev-smartvet.exerom.com] acme: Obtaining bundled SAN certificate
2023/10/18 12:12:07 [INFO] [dev-smartvet.exerom.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/275048734646
2023/10/18 12:12:07 [INFO] [dev-smartvet.exerom.com] acme: use tls-alpn-01 solver
2023/10/18 12:12:07 [INFO] [dev-smartvet.exerom.com] acme: Trying to solve TLS-ALPN-01
2023/10/18 12:12:22 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/275048734646
2023/10/18 12:12:22 Could not obtain certificates:
error: one or more domains had a problem:
[dev-smartvet.exerom.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 54.196.40.94: Timeout during connect (likely firewall problem)

Please check our documentation and support forums, we'll be happy to help!

My web server is (include version): apache

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

For some reason the bncert-tool is using the tls-alpn-01 challenge. But port 443 is not open apparently, so it fails.


Thank you very much, it seems that the tls-alpn-01 challenge is not compatible with Apache, and that's why it's failing (as port 443 is open). Is it possible to change the challenge type? How can I do that?


No, it's not. Not from the public internet anyway.


Using nmap would indicate otherwise; adding to what others have already said.

$ nmap -Pn -p80,443 dev-smartvet.exerom.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-24 16:20 UTC
Nmap scan report for dev-smartvet.exerom.com (54.196.40.94)
Host is up (0.081s latency).
rDNS record for 54.196.40.94: ec2-54-196-40-94.compute-1.amazonaws.com

PORT    STATE    SERVICE
80/tcp  open     http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 2.05 seconds

If you use mod_ssl, it could be made "compatible".

But first, as you've already been told twice, you must open port 443 to the Internet.

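A preflight check for the two points made in this thread (port 443 filtered, as the nmap scan shows, and whether the TLS listener actually speaks the ACME ALPN protocol), added here as an example; it is not code from any poster, from bncert-tool or from Let's Encrypt. It classifies a connect timeout the same way the validator's "Timeout during connect" does, and it assumes you run it from a host outside the VPC, since from the instance itself a security group block is invisible.

```python
import socket
import ssl
import sys

# ALPN protocol name the ACME validator offers in TLS-ALPN-01 (RFC 8737).
ACME_ALPN = "acme-tls/1"


def probe_tcp(host, port, timeout=5.0):
    """Classify host:port the way the Let's Encrypt validator would see it.

    'open'     -> TCP handshake completed
    'closed'   -> RST received (nothing listening, but traffic is allowed)
    'filtered' -> no answer before the timeout: the "Timeout during connect"
                  case in the thread, typically a security group or firewall
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError as exc:
        return f"error:{exc.errno}"


def probe_acme_alpn(host, port=443, timeout=5.0):
    """Offer only acme-tls/1 and report what the server negotiated.

    Returns 'acme-tls/1' if the listener is set up for TLS-ALPN-01, or None if
    it served a normal TLS session or refused the protocol (the Apache/mod_ssl
    point raised above, which is a different problem from a blocked port).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # challenge certs are self-signed by design
    ctx.set_alpn_protocols([ACME_ALPN])
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.selected_alpn_protocol()
    except ssl.SSLError:
        return None  # e.g. a "no application protocol" alert from the server


if __name__ == "__main__":
    target = sys.argv[1]  # the domain you are trying to get a certificate for
    state = probe_tcp(target, 443)
    print(f"{target}:443 is {state}")
    if state == "open":
        print("negotiated ALPN:", probe_acme_alpn(target))
```

A result of `filtered` means fix the AWS security group or host firewall before retrying bncert-tool; `open` with a negotiated ALPN of `None` means the port is reachable and the remaining issue is on the web server side.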
