Time out during connect (likely firewall problem)

Hi, I’m reaching out again. I’m encountering the same error as last time: Time out during connect (likely firewall problem) while installing the SSL certificate. However, I believe this is a different issue. Previously, I mistakenly used the wrong public IP address from the output of ifconfig, which was different from my actual public IP. This time, I’ve ensured I’m using the correct public IP and have confirmed that ports 80 and 443 are open in my firewall. I also ran an nmap scan to verify this, but I’m still facing the same problem. Any assistance would be appreciated!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dev.isko.dilc.info

I ran this command: certbot --nginx

It produced this output:

Domain: dev.isko.dilc.info
Type: connection
Detail: 202.92.129.149: Fetching http://dev.isko.dilc.info/.well-known/acme-challenge/sXpQwx8CkWqzmecAyk_WsjeR4g2zx16I0p731dqnYI0:

My web server is (include version): nginx/1.18.0

The operating system my web server runs on is (include version): ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): idk

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): idk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

You need a working HTTP site before you can use HTTP authentication to obtain a cert for it.

5 Likes

This domain cannot be reached from the public internet.

We would not give any different advice than we gave in the last thread. Even though this domain name is slightly different, fixing the connection problem needs the same steps.

6 Likes

Supplemental, Hi @ajaxx please see Certbot 2.11.0 Release for a newer version of Certbot.

Edit

Using the online tool Let's Debug yields these results https://letsdebug.net/dev.isko.dilc.info/2260352

ANotWorking
Error
dev.isko.dilc.info has an A (IPv4) record (202.92.129.149) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with dev.isko.dilc.info/202.92.129.149: Get "http://dev.isko.dilc.info/.well-known/acme-challenge/letsdebug-test": dial tcp 202.92.129.149:80: i/o timeout

Trace:
@0ms: Making a request to http://dev.isko.dilc.info/.well-known/acme-challenge/letsdebug-test (using initial IP 202.92.129.149)
@0ms: Dialing 202.92.129.149
@10000ms: Experienced error: dial tcp 202.92.129.149:80: i/o timeout

IssueFromLetsEncrypt
Error
A test authorization for dev.isko.dilc.info to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
202.92.129.149: Fetching http://dev.isko.dilc.info/.well-known/acme-challenge/Kozn69dEbUrQ-M9iQVSBEtmDT4IGvI408o2vCSXVRVI: Timeout during connect (likely firewall problem)

Note the "Timeout during connect (likely firewall problem)".

I find both Ports 80 & 443 are being filtered, from my location in Oregon, USA.

$ nmap -Pn -p80,443 dev.isko.dilc.info
Starting Nmap 7.80 ( https://nmap.org ) at 2024-10-22 19:28 UTC
Nmap scan report for dev.isko.dilc.info (202.92.129.149)
Host is up.
rDNS record for 202.92.129.149: i129-149.upd.edu.ph

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 5.70 seconds

3 Likes

Please show your results.
Are you running nmap on your local network to your local network?
(That, likely, will not be going through the firewall and / or router.)

3 Likes

Sorry for the late response. This is what I get when I ran that command:

Starting Nmap 7.95 ( https://nmap.org ) at 2024-10-23 03:32 UTC
Nmap scan report for dev.isko.dilc.info (202.92.129.149)
Host is up (0.00021s latency).
rDNS record for 202.92.129.149: i129-149.upd.edu.ph

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 2.73 seconds

1 Like

Any update about the above?

2 Likes

Sorry, how do I verify this? I'm not very familiar with networking.

1 Like

On the system you ran nmap, show the output of:
curl -4 ifconfig.io

3 Likes

This is what I get: 202.92.130.206.

Although, they are not the same IP... They are very close to each other.

Are there any firewall rules that allow some IPs/networks more [or less] access than others?

3 Likes
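Added example, not written by any participant in this thread: a short Python check that puts the two nmap results and the `curl -4 ifconfig.io` answer side by side, to show why the owner's "open" result does not prove that Let's Encrypt can reach port 80. The scan text is trimmed from the outputs posted above; the /16 prefix and the 1 ms latency threshold are assumed heuristics, not values anyone in the thread stated.

```python
import ipaddress
import re

# Scan output trimmed from the thread: one run from Oregon, one by the site owner.
EXTERNAL_SCAN = """\
Nmap scan report for dev.isko.dilc.info (202.92.129.149)
Host is up.
PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https
"""
OWNER_SCAN = """\
Nmap scan report for dev.isko.dilc.info (202.92.129.149)
Host is up (0.00021s latency).
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
"""

def parse_nmap(text):
    """Return (target_ip, latency_seconds_or_None, {port: state})."""
    target = re.search(r"scan report for .*?(\d+\.\d+\.\d+\.\d+)", text)
    latency = re.search(r"\(([\d.]+)s latency\)", text)
    ports = {int(p): s for p, s in re.findall(r"^(\d+)/tcp\s+(\S+)", text, re.M)}
    return target.group(1), float(latency.group(1)) if latency else None, ports

def is_outside_vantage(scan_text, egress_ip, prefix=16, min_latency=0.001):
    """Heuristic (assumed thresholds): the scan is not a stand-in for the public
    internet if the scanner's egress IP shares a prefix with the target or the
    round trip is sub-millisecond."""
    target, latency, _ = parse_nmap(scan_text)
    net = ipaddress.ip_network(f"{target}/{prefix}", strict=False)
    same_net = ipaddress.ip_address(egress_ip) in net
    too_fast = latency is not None and latency < min_latency
    return not (same_net or too_fast)

def blocked_from_outside(inside_scan, outside_scan, ports=(80, 443)):
    """Ports that answer for the inside scanner but not for the outside one."""
    _, _, inside = parse_nmap(inside_scan)
    _, _, outside = parse_nmap(outside_scan)
    return [p for p in ports if inside.get(p) == "open" and outside.get(p) != "open"]

if __name__ == "__main__":
    # Egress IP reported by `curl -4 ifconfig.io` on the owner's scanning host.
    print("owner scan is an outside test:", is_outside_vantage(OWNER_SCAN, "202.92.130.206"))
    print("ports blocked from outside:", blocked_from_outside(OWNER_SCAN, EXTERNAL_SCAN))
```
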

Hmmm, yes, but I think it's kinda weird since we don't have a public IP ranging to 202.92.130.206. I encountered a similar issue previously where the IP from ifconfig didn't match the expected one. Ideally, our network should have the same public IP as the private IP. We conducted diagnostics yesterday, and it appears that a firewall may be really blocking the connection. Anyway, thank you for the help. We’ll try to investigate this further and update you as soon as I have more information :slight_smile:

2 Likes
