Timeout during connect (likely firewall problem) Apache2 Ubuntu 20.04 server, updated info

I am starting a new one because the old one was way too long, and it had outdated information for my server.

My domain is:
sturtz.ml
I ran this command:
certbot
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: sturtz.ml
2: cloud.sturtz.ml


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.sturtz.ml
http-01 challenge for sturtz.ml
Waiting for verification…
Challenge failed for domain cloud.sturtz.ml
Challenge failed for domain sturtz.ml
http-01 challenge for cloud.sturtz.ml
http-01 challenge for sturtz.ml
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: cloud.sturtz.ml
    Type: connection
    Detail: Fetching
    http://cloud.sturtz.ml/.well-known/acme-challenge/a5xmyvF4-GcxjiNnl-fo_jiVuGoniwIwubkoFD63xQ8:
    Timeout during connect (likely firewall problem)

    Domain: sturtz.ml
    Type: connection
    Detail: Fetching
    http://sturtz.ml/.well-known/acme-challenge/uqLWHSnLvl6T_aqioj4wMvFhM7tftTk3RVsTa0FnhFI:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version):
Server version: Apache/2.4.41 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu Server 20.04
My hosting provider, if applicable, is:
None
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
None
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.7.0

ip address

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:23:24:08:58:1f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
       valid_lft 86388sec preferred_lft 86388sec
    inet6 2604:99c0:8:2fe6:f849:8417:44ec:2240/64 scope global temporary dynamic 
       valid_lft 43192sec preferred_lft 26992sec
    inet6 2604:99c0:8:2fe6:223:24ff:fe08:581f/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 43192sec preferred_lft 26992sec
    inet6 fe80::223:24ff:fe08:581f/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1b:21:bf:e7:28 brd ff:ff:ff:ff:ff:ff
    inet 169.254.38.166/16 brd 169.254.255.255 scope link noprefixroute ens2
       valid_lft forever preferred_lft forever
    inet6 2604:99c0:8:2fe6:79d7:6cde:235d:c8bf/64 scope global temporary dynamic 
       valid_lft 43192sec preferred_lft 26992sec
    inet6 2604:99c0:8:2fe6:21b:21ff:febf:e728/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 43192sec preferred_lft 26992sec
    inet6 fe80::21b:21ff:febf:e728/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

sudo lsof -iTCP -sTCP:LISTEN -P

COMMAND    PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-r  755 systemd-resolve   13u  IPv4  26099      0t0  TCP localhost:53 (LISTEN)
cupsd      771            root    7u  IPv6  30989      0t0  TCP ip6-localhost:631 (LISTEN)
cupsd      771            root    8u  IPv4  30990      0t0  TCP localhost:631 (LISTEN)
named      873            bind   22u  IPv4  30300      0t0  TCP localhost:953 (LISTEN)
named      873            bind   26u  IPv4  30129      0t0  TCP localhost:53 (LISTEN)
named      873            bind   27u  IPv4  30129      0t0  TCP localhost:53 (LISTEN)
named      873            bind   28u  IPv4  30129      0t0  TCP localhost:53 (LISTEN)
named      873            bind   32u  IPv6  30749      0t0  TCP ip6-localhost:53 (LISTEN)
named      873            bind   33u  IPv6  30749      0t0  TCP ip6-localhost:53 (LISTEN)
named      873            bind   34u  IPv6  30749      0t0  TCP ip6-localhost:53 (LISTEN)
named      873            bind   35u  IPv6  30301      0t0  TCP ip6-localhost:953 (LISTEN)
named      873            bind   38u  IPv6  30520      0t0  TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named      873            bind   39u  IPv6  30520      0t0  TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named      873            bind   40u  IPv6  30520      0t0  TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named      873            bind   45u  IPv4  30704      0t0  TCP sturtz001:53 (LISTEN)
named      873            bind   46u  IPv4  30704      0t0  TCP sturtz001:53 (LISTEN)
named      873            bind   47u  IPv4  30704      0t0  TCP sturtz001:53 (LISTEN)
named      873            bind   50u  IPv4  32956      0t0  TCP sturtz001.local:53 (LISTEN)
named      873            bind   51u  IPv4  32956      0t0  TCP sturtz001.local:53 (LISTEN)
named      873            bind   52u  IPv4  32956      0t0  TCP sturtz001.local:53 (LISTEN)
mysqld     946           mysql   26u  IPv4  31345      0t0  TCP localhost:3306 (LISTEN)
sshd      1320            root    3u  IPv4  34564      0t0  TCP *:22 (LISTEN)
sshd      1320            root    4u  IPv6  34566      0t0  TCP *:22 (LISTEN)
apache2   1336            root    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   1336            root    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
miniserv. 1479            root    5u  IPv4  37015      0t0  TCP *:10000 (LISTEN)
apache2   2567        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2567        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
apache2   2568        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2568        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
apache2   2569        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2569        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
apache2   2570        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2570        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
apache2   2571        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2571        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)

Router status page

I am in the DMZ, I have ufw off.

netstat -pant

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      873/named           
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      966/tor             
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      946/mysqld          
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      1479/perl           
tcp        0      0 169.254.38.166:53       0.0.0.0:*               LISTEN      873/named           
tcp        0      0 192.168.1.8:53          0.0.0.0:*               LISTEN      873/named           
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      873/named           
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      755/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1320/sshd: /usr/sbi 
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      771/cupsd           
tcp        0      0 192.168.1.8:48794       35.224.99.156:80        TIME_WAIT   -                   
tcp        0    248 192.168.1.8:22          192.168.1.6:49682       ESTABLISHED 1412/sshd: nsturtz  
tcp6       0      0 ::1:953                 :::*                    LISTEN      873/named           
tcp6       0      0 :::443                  :::*                    LISTEN      1336/apache2        
tcp6       0      0 :::80                   :::*                    LISTEN      1336/apache2        
tcp6       0      0 fe80::223:24ff:fe08::53 :::*                    LISTEN      873/named           
tcp6       0      0 ::1:53                  :::*                    LISTEN      873/named           
tcp6       0      0 :::22                   :::*                    LISTEN      1320/sshd: /usr/sbi 
tcp6       0      0 ::1:631                 :::*                    LISTEN      771/cupsd   

When I log in I get

 IPv4 address for enp0s25: 192.168.1.8
  IPv6 address for enp0s25: 2604:99c0:8:2fe6:6dd8:c0e3:de7c:f8c6
  IPv6 address for enp0s25: 2604:99c0:8:2fe6:223:24ff:fe08:581f
  IPv4 address for ens2:    169.254.38.166
  IPv6 address for ens2:    2604:99c0:8:2fe6:f130:7ee1:f181:afb8
  IPv6 address for ens2:    2604:99c0:8:2fe6:21b:21ff:febf:e728

All your IPv6 addresses are down (I can’t connect/ping to any of them), even your router. This is a networking issue, not a Let’s Encrypt/TLS/ACME issue.


Again, I thought I got this fixed, sorry.

Is the 2604:99c0:8:2fe6:6dd8:c0e3:de7c:f8c6 IP working? It works on my side.
Also 2604:99c0:8:2fe6:223:24ff:fe08:581f works on my side.
So does
2604:99c0:8:2fe6:f130:7ee1:f181:afb8
2604:99c0:8:2fe6:21b:21ff:febf:e728
They all work for me.

@Osiris do any of these ips work?

None of those 4 addresses work. No ping, no traceroute, no telnet to port 80.

Are you trying to connect to those IP addresses from the same network? I.e., within your own LAN? If so, it might be a router issue or something. Could your router be blocking access to those IP addresses? Normally, ports need to be opened for IPv6 in routers too.

In any case, I would like to repeat myself that this is not a Let’s Encrypt issue, but a generic networking/firewall/whatever issue. And in my opinion that is not the scope of this Community. Perhaps someone else on this Community might be interested, but in my opinion it’s offtopic.

Also, your hostnames point to the IP address 2604:99c0:8:2fe6:9539:d97a:23d0:990c which I don’t see in your most recent post… And that IP address is down too.
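A small pre-flight script, added here as an illustration and not part of this thread or of certbot, that automates what was checked by hand above: whether each name's A/AAAA records point at an address this host actually has configured, and whether TCP/80 answers there. The names, addresses and the injected connect function used in the checks are constructed, and the `ip -o addr` parsing assumes the iproute2 output format shown earlier in the thread.

```python
"""Pre-flight check for a failing http-01 challenge (hypothetical helper, not certbot's
code): resolve each name's A/AAAA records, compare them with the addresses configured on
this host, and try a TCP connection to port 80 on each one."""
import re
import socket
import subprocess
import sys

# Matches "inet 192.168.1.8/24" and "inet6 2001:db8::1/64" in `ip addr` / `ip -o addr`.
_ADDR_RE = re.compile(r"\binet6?\s+([0-9A-Fa-f.:]+)/\d+")

def parse_ip_addr(text):
    """Return the set of addresses configured on local interfaces."""
    return set(_ADDR_RE.findall(text))

def local_addresses():
    out = subprocess.run(["ip", "-o", "addr"], capture_output=True, text=True, check=True).stdout
    return parse_ip_addr(out)

def resolve(name):
    """(family, address) pairs from the system resolver, family is 'A' or 'AAAA'."""
    pairs = set()
    for fam, _, _, _, sa in socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP):
        pairs.add(("AAAA" if fam == socket.AF_INET6 else "A", sa[0]))
    return sorted(pairs)

def tcp_connect(addr, port=80, timeout=5.0):
    """True if the TCP handshake completes; False on refusal or the timeout certbot reported."""
    fam = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(fam, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True
    except OSError:
        return False

def diagnose(name, records, local, connect=tcp_connect):
    """One problem string per published address the validator could not use.
    `connect` is injectable so the logic can be exercised without a network."""
    problems = []
    for fam, addr in records:
        if addr not in local:
            problems.append(f"{name}: {fam} record {addr} is not configured on this host")
        elif not connect(addr):
            problems.append(f"{name}: {fam} record {addr} is local but TCP/80 did not answer (router/firewall?)")
    return problems

if __name__ == "__main__":
    local = local_addresses()
    for name in sys.argv[1:]:
        for problem in diagnose(name, resolve(name), local):
            print(problem)
```

A connect that succeeds from the host itself while the CA still times out points at the router or an upstream firewall rather than at Apache, so also run the script from a machine outside the LAN.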

@sturtz_nate: Looks like you don't read the answers.

This is a forum about Letsencrypt certificate related issues.
Your issue now is completely unrelated.

It’s not working.

http://[2604:99c0:8:2fe6:d9b8:a6c8:92ba:2f07]/

Timeout, no answer.

Please use online tools to check that.

Creating a new topic after I had merged your first and second topic and ignoring your older answers is a little bit curious.

Please fix your off-topic problem.