Site stopped responding

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: windchaserconsulting.com

I ran this command: sudo certbot certonly --webroot -d WindChaserconsulting.com -w /var/www/html

It produced this output: time-out during connection

My web server is (include version): Ubuntu 16.04.3

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0

Note the site has been working just fine but all of a sudden stopped responding. No changes to the server.

Welcome @Windchaserb

Have there been any changes to your router or modem lately? Because I see you have both ipv4 and ipv6 addresses but they both time out on port 80. You should also check those devices to make sure they are not blocking port 80. And check any other firewalls or similar software that might have updated recently.

That said, I cannot reach your domain using https port 443 either. Maybe just try restarting your modem and/or router. And check that your IP addresses are still what is shown in the public DNS.

https://www.ssllabs.com/ssltest/analyze.html?d=windchaserconsulting.com&hideResults=on

3 Likes

Thanks. Restarting router had no effect.
IP address matches what’s in public DNS.
No software changes that I’m aware of.

1 Like

Then you might need to talk with your ISP (Comcast?) to see if they are now blocking those ports. Sometimes they do that for residential accounts.

You could maybe use a DNS Challenge to get a Let's Encrypt cert. These are often harder to automate than the HTTP Challenge you currently use.

But, that doesn't fix your connectivity to the public internet.

Are you able to reach your domain using HTTP or HTTPS from outside your own network? Like with a mobile phone and wifi disabled so using the carrier network?

3 Likes

I can confirm Mike's findings: your entire website seems to be down from the public internet.

Thus, this is not a Let's Encrypt/certificate issue per se. Once you've got your host online again, you can renew your certificate too.

1 Like

Thanks. I’ll look at Comcast.
Locally the site works just fine (i.e. from my network behind the router).

1 Like

Firewall is quite aggressive, yup. (Ignore "host is up" -- host is always up with -Pn)

❯ nmap -AF windchaserconsulting.com -Pn
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-03 17:36 CET
Nmap scan report for windchaserconsulting.com (66.30.38.32)
Host is up.
Other addresses for windchaserconsulting.com (not scanned): 2601:18e:c381:5ec0::351d
rDNS record for 66.30.38.32: c-66-30-38-32.hsd1.ma.comcast.net
All 100 scanned ports on windchaserconsulting.com (66.30.38.32) are in ignored states.
Not shown: 100 filtered tcp ports (no-response)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 26.74 seconds

@Windchaserb you sure the IP address is the right one?

3 Likes

certonly doesn't touch your web service.

This is the work of other forces.

2 Likes

Thanks everybody. Appreciate your insight.

2 Likes

Yes. That is the correct IP address.

A tip for checking your website is reachable is to try your phone browser via mobile data (not wifi). That way you're trying it from an external network.

Once you get basic http working over port 80 then generally you can be sure that http validation will work to get your certificate.

It's quite common for ISPs to suddenly stop allowing [incoming] port 80 and port 443 traffic. You can sometimes use something like ngrok to proxy traffic to your home server if your ISP will otherwise block your server.

2 Likes

Using nmap shows Ports 80 & 443 are filtered.

$ nmap -Pn -p80,443 windchaserconsulting.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-12-04 02:22 UTC
Nmap scan report for windchaserconsulting.com (66.30.38.32)
Host is up.
Other addresses for windchaserconsulting.com (not scanned): 2601:18e:c381:5ec0::351d
rDNS record for 66.30.38.32: c-66-30-38-32.hsd1.ma.comcast.net

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.15 seconds

Using this online tool https://check-host.net/ to test from around the world.
DNS - Permanent link to this check report
HTTP - Permanent link to this check report all say "Connection timed out"
HTTPS - Permanent link to this check report all say "Connection timed out"

Using this online tool Open Port Check Tool - Test Port Forwarding on Your Router shows all ports closed

1 Like
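The nmap results in this thread turn on the difference between a port that is filtered (no response at all) and one that is closed (the host answers with a refusal). The following is an added example, not part of the original thread: a connect-based check of ports 80 and 443 that makes the same distinction. The function names are made up for illustration, and it has to be run from a machine outside the server's own network, as suggested above.

```python
import errno
import socket
import sys

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port by what a plain connect() attempt does.

    open     - handshake completed, something is listening
    closed   - the host answered with RST (connection refused)
    filtered - no answer before the timeout, or an unreachable error:
               the SYN was dropped by a firewall, router or ISP
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise  # DNS failure etc. is a different problem; surface it

def verdict(states):
    """Turn {80: state, 443: state} into a hint for HTTP-01 validation."""
    if states[80] == "open":
        return "port 80 reachable: HTTP-01 validation can connect"
    if states[80] == "closed":
        return "packets reach the host but nothing listens on 80: check the web server"
    return "port 80 dropped before the host answers: check firewall, port forwarding, ISP"

def http01_preflight(host, timeout=3.0):
    """Probe both web ports and return (states, hint)."""
    states = {port: probe_tcp(host, port, timeout) for port in (80, 443)}
    return states, verdict(states)

if __name__ == "__main__":
    # Usage: python3 preflight.py <domain>
    states, hint = http01_preflight(sys.argv[1])
    for port, state in states.items():
        print(f"{port}/tcp {state}")
    print(hint)
```

A "closed" result means traffic is getting through to the machine, while "filtered" on both ports from several outside networks matches what this thread found.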

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.