Renew: Timeout during connect

witcher · October 12, 2025, 1:10pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: martynkov.ru

I ran this command: sudo certbot renew

It produced this output: Timeout during connect (likely firewall problem)

My web server is (include version): nginx/1.24.0

The operating system my web server runs on is (include version): Ubuntu 24.04

My hosting provider, if applicable, is: selfhosted

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 5.1.0

Domain is accessible from 50/50 locations: Website Availability Test - Check Website Uptime | Uptimia

Check: martynkov.ru - Make your website better - DNS, redirects, mixed content, certificates

Osiris · October 12, 2025, 2:08pm

Then the fact it's not 100 % is likely the issue.

witcher · October 12, 2025, 2:12pm

Certbot failed on secondary validation. In nginx access.log I see
23.178.112.107 - - [12/Oct/2025:13:03:39 +0000] "GET /.well-known/acme-challenge/hqtwk38SkBi6fF7B9og1UccohNROA3CzFptg6yO0AN0 HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

orangepizza · October 12, 2025, 2:13pm

most of LE secondary challenges are from AWS: are you happen to block those?

Osiris · October 12, 2025, 2:26pm

Yes, I figured as much.

You should see 4 to 5 of those per challenge.

witcher · October 12, 2025, 2:34pm

I don't block AWS special. But I try move firewall input rule on first place and clear block lists of bot. Unfortunately, the result remains unchanged.

MikeMcQ · October 12, 2025, 3:53pm

A test from my own AWS test server fails. If it isn't just AWS you block then something is still blocking requests

curl -i -m7 http://martynkov.ru/.well-known/TestFromAWS
curl: (28) Connection timed out after 7000 milliseconds

curl -i -m7 http://martynkov.ru
curl: (28) Connection timed out after 7000 milliseconds

witcher · October 12, 2025, 3:54pm

Thanks for help! I was able to get the certificate after disabling Wireguard connect on my mikrotik router.

system · November 11, 2025, 3:55pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can not renew a cert with certbot: Timeout during connect (likely firewall problem) Help	7	2331	June 23, 2019
Urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: During secondary validation Help	4	4960	June 5, 2020
Cannot renew cert (Timeout during connect) on Nginx and Ubuntu Help	3	1922	May 16, 2019
Getting new timeout errors during renewal as of a month ago (setup previously was working) Help	20	1688	December 2, 2021
Can not renew a cert with certbot: Timeout during connect (likely firewall problem) Server	3	6331	July 10, 2018

Renew: Timeout during connect

Related topics