Timeout during connect (likely firewall problem) Apache2 Ubuntu 20.04 server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sturtz.ml

I ran this command: certbot

It produced this output:

root@sturtz001:/etc/apache2# certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: sturtz.ml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sturtz.ml
Waiting for verification...
Challenge failed for domain sturtz.ml
http-01 challenge for sturtz.ml
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: sturtz.ml
   Type:   connection
   Detail: Fetching
   http://sturtz.ml/.well-known/acme-challenge/RXiflF7BxaHVEeBxWhLviMYMUIU3x9s-dUhwhglG4js:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version): Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu Server 20.04

My hosting provider, if applicable, is: I self Host

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I self host

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.7.0
Other info:
I installed certbot today and I had to do it by Snap: snap install certbot --classic
I have never had an issue when installed by apt but I cannot find the apt package via apt install certbot

Is port 80 [HTTP] open?

I also get a timeout…

LetsDebug seems to agree and provides more information: https://letsdebug.net/sturtz.ml/268621

IPv6 (AAAA record exists but fails port 80) problem.

I did not change anything, I just had a drive failure so I had to reinstall my OS, and I did not change any settings on my router at all. I wrote a script to help the reinstall. Does that help?
https://raw.githubusercontent.com/Sturtz-Network/server-setup/master/install.sh I also use Cloudflare.

I reran the test and I got https://letsdebug.net/sturtz.ml/268627

All OK!

OK

No issues were found with sturtz.ml. If you are having problems with creating an SSL certificate, please visit the [ Let's Encrypt Community forums](https://community.letsencrypt.org/) and post a question there.

but certbot still does not work

Something has changed…
Even direct IP access fails.

Please show:
netstat -pant

I cannot

root@sturtz001:/etc/bind# netstat -pant

Command 'netstat' not found, but can be installed with:

apt install net-tools

root@sturtz001:/etc/bind# apt install net-tools
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package net-tools
root@sturtz001:/etc/bind#

How about:
sudo lsof -iTCP -sTCP:LISTEN -P

root@sturtz001:/etc/apt# sudo lsof -iTCP -sTCP:LISTEN -P
COMMAND    PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-r  715 systemd-resolve   13u  IPv4  23158      0t0  TCP localhost:53 (LISTEN)
named      762            bind   22u  IPv4  26632      0t0  TCP localhost:953 (LISTEN)
named      762            bind   26u  IPv4  26581      0t0  TCP localhost:53 (LISTEN)
named      762            bind   27u  IPv4  26581      0t0  TCP localhost:53 (LISTEN)
named      762            bind   28u  IPv4  26581      0t0  TCP localhost:53 (LISTEN)
named      762            bind   31u  IPv4  26582      0t0  TCP sturtz001:53 (LISTEN)
named      762            bind   32u  IPv4  26582      0t0  TCP sturtz001:53 (LISTEN)
named      762            bind   33u  IPv4  26582      0t0  TCP sturtz001:53 (LISTEN)
named      762            bind   36u  IPv6  26583      0t0  TCP ip6-localhost:53 (LISTEN)
named      762            bind   37u  IPv6  26583      0t0  TCP ip6-localhost:53 (LISTEN)
named      762            bind   38u  IPv6  26583      0t0  TCP ip6-localhost:53 (LISTEN)

I don’t see anything like:
nginx
apache2

Have you reinstalled your web server?
Is it configured and running?

it is running,

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2020-08-24 16:58:43 UTC; 1h 52min ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 763 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
    Process: 4484 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
   Main PID: 953 (apache2)
      Tasks: 7 (limit: 9297)
     Memory: 65.1M
     CGroup: /system.slice/apache2.service
             ├─ 953 /usr/sbin/apache2 -k start
             ├─4961 /usr/sbin/apache2 -k start
             ├─4962 /usr/sbin/apache2 -k start
             ├─4963 /usr/sbin/apache2 -k start
             ├─4964 /usr/sbin/apache2 -k start
             ├─4965 /usr/sbin/apache2 -k start
             └─4966 /usr/sbin/apache2 -k start

Aug 24 16:58:31 sturtz001 systemd[1]: Starting The Apache HTTP Server...
Aug 24 16:58:43 sturtz001 apachectl[828]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress thi>
Aug 24 16:58:43 sturtz001 systemd[1]: Started The Apache HTTP Server.
Aug 24 17:31:17 sturtz001 systemd[1]: Reloading The Apache HTTP Server.
Aug 24 17:31:17 sturtz001 apachectl[2526]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress th>
Aug 24 17:31:17 sturtz001 systemd[1]: Reloaded The Apache HTTP Server.
Aug 24 18:17:47 sturtz001 systemd[1]: Reloading The Apache HTTP Server.
Aug 24 18:17:47 sturtz001 apachectl[4487]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress th>
Aug 24 18:17:47 sturtz001 systemd[1]: Reloaded The Apache HTTP Server.

what does


apache2: Could not reliably determine the server's  fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message

mean?

lsof says otherwise.
Are those outputs from the same system?

That means there is no specified “servername” anywhere in the Apache config - not a real issue.

do you want my vhost?

I want to see apache2 running on IPv6 port 80.
something like this:

sudo lsof -iTCP -sTCP:LISTEN -P
COMMAND    PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2   1142            root    4u  IPv6  25873      0t0  TCP *:80 (LISTEN)
apache2   5029        www-data    4u  IPv6  25873      0t0  TCP *:80 (LISTEN)
apache2   5030        www-data    4u  IPv6  25873      0t0  TCP *:80 (LISTEN)

how do I make that happen?

I don’t know how you can show it running and show it not running.
That makes no sense to me.
Is this a cluster?
Are you on the right member?

I don't know, I have one server, sturtz001.

Show:
ifconfig | grep -Ei 'inet|addr'

Are you OK with installing net-tools ?
[to use netstat]

        inet 192.168.1.8  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2604:99c0:8:2f0f:223:24ff:fe08:581f  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::223:24ff:fe08:581f  prefixlen 64  scopeid 0x20<link>
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>

I got net-tools, I fixed the issue:

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:19999           0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -                   
tcp        0      0 192.168.1.8:53          0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:8125          0.0.0.0:*               LISTEN      -                   
tcp        1      0 127.0.0.1:46944         127.0.0.1:80            CLOSE_WAIT  -                   
tcp        1      0 127.0.0.1:47080         127.0.0.1:80            CLOSE_WAIT  -                   
tcp        0    360 192.168.1.8:22          192.168.1.6:49681       ESTABLISHED -                   
tcp        0      0 127.0.0.1:46918         127.0.0.1:80            ESTABLISHED -                   
tcp        1      0 127.0.0.1:47092         127.0.0.1:80            CLOSE_WAIT  -                   
tcp        1      0 127.0.0.1:47312         127.0.0.1:80            CLOSE_WAIT  -                   
tcp        1      0 127.0.0.1:46942         127.0.0.1:80            CLOSE_WAIT  -                   
tcp        1      0 127.0.0.1:47116         127.0.0.1:80            CLOSE_WAIT  -                   
tcp6       0      0 :::19999                :::*                    LISTEN      -                   
tcp6       0      0 :::80                   :::*                    LISTEN      -                   
tcp6       0      0 fe80::223:24ff:fe08::53 :::*                    LISTEN      -                   
tcp6       0      0 2604:99c0:8:2f0f:223:53 :::*                    LISTEN      -                   
tcp6       0      0 ::1:53                  :::*                    LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
tcp6       0      0 ::1:953                 :::*                    LISTEN      -                   
tcp6       0      0 :::443                  :::*                    LISTEN      -                   
tcp6       1      0 ::1:35376               ::1:80                  CLOSE_WAIT  -                   
tcp6       0      0 127.0.0.1:80            127.0.0.1:46918         ESTABLISHED -                   
tcp6       0      1 2604:99c0:8:2f0f::49266 2604:99c0:4:12::71:53   SYN_SENT    -         
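
Added example, not part of the original thread: a POSIX shell check of the question the helpers were asking above, whether anything is listening on port 80 beyond loopback, run over constructed netstat-style lines. The function names and sample lines are illustrative, and treating a wildcard tcp6 socket as dual-stack assumes the Linux default net.ipv6.bindv6only=0.

```sh
#!/bin/sh
# Added example. Reads `netstat -pant` text on stdin and prints one line per
# LISTEN socket on the given port: "<proto> <address> <scope>".
listeners_on_port() {
  awk -v port="$1" '
    $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
      n = split($4, parts, ":")          # port is the text after the last colon
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (addr == "0.0.0.0" || addr == "::")     scope = "wildcard"
      else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
      else                                       scope = "specific"
      print $1, addr, scope
    }'
}

# Summarise port 80 for HTTP-01: not-listening, loopback-only, v4-only,
# v6-only or v4+v6.
http01_verdict() {
  listeners_on_port 80 | {
    seen=no; v4=no; v6=no
    while read -r proto addr scope; do
      seen=yes
      if [ "$scope" = loopback ]; then continue; fi
      case "$proto" in
        tcp)  v4=yes ;;
        tcp6) v6=yes
              # Assumption: net.ipv6.bindv6only=0, so [::] also serves IPv4.
              if [ "$scope" = wildcard ]; then v4=yes; fi ;;
      esac
    done
    case "$seen:$v4:$v6" in
      no:*)        echo not-listening ;;
      yes:no:no)   echo loopback-only ;;
      yes:yes:no)  echo v4-only ;;
      yes:no:yes)  echo v6-only ;;
      *)           echo v4+v6 ;;
    esac
  }
}

# Constructed samples modelled on the outputs posted in the thread.
sample_no_web() { cat <<'EOF'
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      -
tcp6       0      0 ::1:53                  :::*                    LISTEN      -
EOF
}
sample_after_fix() { cat <<'EOF'
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 127.0.0.1:80            127.0.0.1:46918         ESTABLISHED -
EOF
}
echo "no web server: $(sample_no_web | http01_verdict)"
echo "after fix:     $(sample_after_fix | http01_verdict)"
```

A listener is only the host-side half of the check; the timeout in the original error also depends on every A and AAAA address of the domain being reachable on port 80 from outside.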