Stuck on setup with Nginx, reverse proxy to Gunicorn, and freemyip

My domain is:

I ran this command: sudo certbot certonly --webroot -w /var/www/letsencrypt --dry-run -d --debug-challenges -vvv

It produced this output:…:
Timeout during connect (likely firewall problem)

My web server is (include version): nginx 1.14.2-2+deb10u3

The operating system my web server runs on is (include version): Raspbian GNU/Linux 10 (buster)

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Trying to setup certbot on my home Raspberry PI with DNS provided by Nginx is setup to reverse proxy to a running instance of Gunicorn which is hosting a Flask application. I made the following configuration changes:

    location /.well-known {
            alias /var/www/letsencrypt/.well-known;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            #try_files $uri $uri/ =404;

I then used the following command to pause during the challenge:

sudo certbot certonly --webroot -w /var/www/letsencrypt --dry-run -d --debug-challenges -vvv

I was able to very that the challenge was readable via the url:… works fine in Chrome during the challenge pause.

Yet the server reports it cannot connect and fetch the file. Any ideas?

Hi @drjubbs

I can’t fecht your main domain - timeout. Same there -

Domainname Http-Status redirect Sec. G -14 10.013 T
Timeout - The operation has timed out -14 10.030 T
Timeout - The operation has timed out -14 10.043 T
Timeout - The operation has timed out -14 10.030 T
Timeout - The operation has timed out

Nothing works. http answers are required if you want to use http validation.

1 Like

Thanks. It’s either my ISP blocking port 80 (most likely) or my router (Google WiFi).

Your ssh answers, see the #portchecks - part.

1 Like

Yes. It works fine on other ports, just not 80. I tried an alternative DDNS service which allows port re-direction, but get a different error:

Invalid port in redirect target. Only ports 80 and 443 are
supported, not 8888

So this is either an ISP issue, or Google Wifi not correctly sending along port 80 traffic.

Most likely your ISP is blocking port 80.
If your version of nginx supports it, try using TLS-ALPN

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.