Timeout after connect switching to HTTP-01


#1

I have the same problem: “Timeout after connect (your server may be slow or overloaded)”

My router redirects port 80 to a different server than my Nextcloud server. The latter relies on port 443.

The instruction page mentions this: “you’ll need to switch to the dns-01 challenge, or use an ACME client that supports tls-alpn-01.” How to do that?


#2

It’s not quite the same problem – a “Timeout after connect” means that it was able to connect. It just stopped working after that.

It probably means that there isn’t a firewall blocking all port 80 traffic, but there is some other configuration issue.

Even if you have port 80 forwarded to a different server, you could have that server reverse proxy the ACME validation requests to your Nextcloud server. HTTP validation is still an option.
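
Added example, not part of the original thread: a small Python probe that separates the failure modes this reply distinguishes, a TCP connect that is refused or times out versus a connection that is accepted and then goes silent ("Timeout after connect"). The function name `probe_http01`, the result labels and the placeholder token are assumptions of this example, not Let's Encrypt's own checks.

```python
import socket
import sys


def probe_http01(host, port=80, token="constructed-token", timeout=5.0):
    """Request an HTTP-01 style path and classify the outcome.

    Returns 'dns-failure', 'connection-refused', 'connect-timeout',
    'connect-error', 'timeout-after-connect', 'closed-without-response',
    'non-http-response' or 'http <status>'.
    """
    path = "/.well-known/acme-challenge/" + token  # token is a placeholder
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns-failure"
    except ConnectionRefusedError:
        return "connection-refused"      # nothing listening, or an active reject
    except (socket.timeout, TimeoutError):
        return "connect-timeout"         # SYN dropped: firewall or ISP filtering
    except OSError:
        return "connect-error"
    with sock:
        sock.settimeout(timeout)
        request = ("GET " + path + " HTTP/1.1\r\nHost: " + host +
                   "\r\nConnection: close\r\n\r\n")
        try:
            sock.sendall(request.encode("ascii"))
            data = sock.recv(4096)
        except (socket.timeout, TimeoutError):
            # TCP handshake succeeded but no HTTP reply arrived in time
            return "timeout-after-connect"
        except OSError:
            return "closed-without-response"
    if not data:
        return "closed-without-response"
    parts = data.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) >= 2 and parts[0].startswith("HTTP/"):
        return "http " + parts[1]
    return "non-http-response"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, "->", probe_http01(target))
```

Run it from a machine outside your network, since a probe from inside the LAN may not pass through the router's port forwarding.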


#3

Are you able to send port 80 to your Nextcloud server, either permanently or temporarily? That would be the easiest solution.

Alternately, if your server on port 80 is Nginx or Apache, you could do what @mnordhoff suggests and proxy requests.

Otherwise you’ll need the ability to install a custom client on your Nextcloud server. Do you have that ability?


#4

Thank you jsha

See my post: here

I redirected external port 80 to the Nextcloud server on port 443, but for some reason the URL http://blucap.no-ip.org fails to load, while https://blucap.no-ip.org does load.

A check on https://www.yougetsignal.com shows that port 80 is open … .


#5

Interesting. I just tried curl http://blucap.no-ip.org and got a timeout. Maybe your ISP is blocking port 80? Maybe your router or Nextcloud is firewalling it off?

What did you have on port 80 previously, and were you able to access it from outside your network?


#6

ASUS router known issue - mysteriously shuts down ports, which makes it very hard to diagnose errors correctly.


#7

Probably weak to attacks…


#8

Ah, I recall hearing about another person with an ASUS router who had trouble like this. I think it turned out to be DDoS protection activating due to more than 32 simultaneous inbound connections from Let’s Encrypt staging (which sends more queries than prod). Is this against staging or production?