Timeout during connect (likely firewall problem) Apache2 Ubuntu 20.04 server

my ISP, IMU 222222222

My ISP, IMU
I don’t know what they did, they say they did nothing at all

Do you know how I get it back? I might have messed something up, but I don't know.

This is a forum about Letsencrypt certificate related issues.
Your issue now is completely unrelated.
I would reboot the router.
Then reboot the server.
If it still fails to get an IPv6 address, you need to speak with your ISP.


ok, thank you. I will do that


I am having the same issues, and I got ipv6 working

I have had this issue before: Timeout during connect (likely firewall problem) Apache2 Ubuntu 20.04 server

My domain is: Sturtz.ml

I ran this command:
Certbot
It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): nate.sturtz@sturtz.ml

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: sturtz.ml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sturtz.ml
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain sturtz.ml
http-01 challenge for sturtz.ml
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: sturtz.ml
   Type:   connection
   Detail: Fetching
   http://sturtz.ml/.well-known/acme-challenge/nj60I2FThSOzVbNw2WB92yCGVFY4USLEXxciHDMSJOI:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

My web server is (include version):
Apache/2.4.41 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is:
Self hosting
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.7.0

Your domain only has an AAAA resource record and there is no connectivity possible to your IPv6 address. Please check your IPv6 connectivity (just like in the previous topic).

Well, as your site is only accessible through IPv6, that's obviously a big problem. Restore your IPv6 connectivity and you'll resolve your certbot issue.

Ok, I don’t know how to though.

I’m going to have to refer to @rg305 in your previous thread unfortunately. This isn’t a generic networking troubleshooting Community I’m afraid. You’ve got much bigger problems than a TLS certificate at the moment: your site in general isn’t accessible.


I got the IPv6 issues fixed, but I am still having the same issue with certbot. IPv6 is working.

It's not working.

http://[2604:99c0:8:2fe6:d9b8:a6c8:92ba:2f07]/

Timeout, no answer.

Please use online tools to check that.

The new ip address output is

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:23:24:08:58:1f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
       valid_lft 85856sec preferred_lft 85856sec
    inet6 fe80::223:24ff:fe08:581f/64 scope link 
       valid_lft forever preferred_lft forever
3: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1b:21:bf:e7:28 brd ff:ff:ff:ff:ff:ff
    inet 169.254.38.166/16 brd 169.254.255.255 scope link noprefixroute ens2
       valid_lft forever preferred_lft forever
    inet6 2604:99c0:8:2fe6:79d7:6cde:235d:c8bf/64 scope global temporary dynamic 
       valid_lft 43188sec preferred_lft 26988sec
    inet6 2604:99c0:8:2fe6:21b:21ff:febf:e728/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 43188sec preferred_lft 26988sec
    inet6 fe80::21b:21ff:febf:e728/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

I got a new IP address,

  IPv6 address for ens2:    2604:99c0:8:2fe6:9539:d97a:23d0:990c
  IPv6 address for ens2:    2604:99c0:8:2fe6:21b:21ff:febf:e728

I do not know why there are two, but I have tried both.

netstat -plant

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      873/named           
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      966/tor             
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      946/mysqld          
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      1479/perl           
tcp        0      0 169.254.38.166:53       0.0.0.0:*               LISTEN      873/named           
tcp        0      0 192.168.1.8:53          0.0.0.0:*               LISTEN      873/named           
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      873/named           
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      755/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1320/sshd: /usr/sbi 
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      771/cupsd           
tcp        0    196 192.168.1.8:22          192.168.1.6:49682       ESTABLISHED 1412/sshd: nsturtz  
tcp        0      0 192.168.1.8:50536       46.4.49.62:9002         ESTABLISHED 966/tor             
tcp6       0      0 ::1:953                 :::*                    LISTEN      873/named           
tcp6       0      0 :::443                  :::*                    LISTEN      1336/apache2        
tcp6       0      0 :::80                   :::*                    LISTEN      1336/apache2        
tcp6       0      0 fe80::223:24ff:fe08::53 :::*                    LISTEN      873/named           
tcp6       0      0 ::1:53                  :::*                    LISTEN      873/named           
tcp6       0      0 :::22                   :::*                    LISTEN      1320/sshd: /usr/sbi 
tcp6       0      0 ::1:631                 :::*                    LISTEN      771/cupsd           
tcp6       0      1 2604:99c0:8:2fe6::45142 2604:99c0:4:12::71:53   SYN_SENT    755/systemd-resolve

sudo lsof -iTCP -sTCP:LISTEN -P

COMMAND    PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-r  755 systemd-resolve   13u  IPv4  26099      0t0  TCP localhost:53 (LISTEN)
cupsd      771            root    7u  IPv6  30989      0t0  TCP ip6-localhost:631 (LISTEN)
cupsd      771            root    8u  IPv4  30990      0t0  TCP localhost:631 (LISTEN)
named      873            bind   22u  IPv4  30300      0t0  TCP localhost:953 (LISTEN)
named      873            bind   26u  IPv4  30129      0t0  TCP localhost:53 (LISTEN)
named      873            bind   27u  IPv4  30129      0t0  TCP localhost:53 (LISTEN)
named      873            bind   28u  IPv4  30129      0t0  TCP localhost:53 (LISTEN)
named      873            bind   32u  IPv6  30749      0t0  TCP ip6-localhost:53 (LISTEN)
named      873            bind   33u  IPv6  30749      0t0  TCP ip6-localhost:53 (LISTEN)
named      873            bind   34u  IPv6  30749      0t0  TCP ip6-localhost:53 (LISTEN)
named      873            bind   35u  IPv6  30301      0t0  TCP ip6-localhost:953 (LISTEN)
named      873            bind   38u  IPv6  30520      0t0  TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named      873            bind   39u  IPv6  30520      0t0  TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named      873            bind   40u  IPv6  30520      0t0  TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named      873            bind   45u  IPv4  30704      0t0  TCP sturtz001:53 (LISTEN)
named      873            bind   46u  IPv4  30704      0t0  TCP sturtz001:53 (LISTEN)
named      873            bind   47u  IPv4  30704      0t0  TCP sturtz001:53 (LISTEN)
named      873            bind   50u  IPv4  32956      0t0  TCP sturtz001.local:53 (LISTEN)
named      873            bind   51u  IPv4  32956      0t0  TCP sturtz001.local:53 (LISTEN)
named      873            bind   52u  IPv4  32956      0t0  TCP sturtz001.local:53 (LISTEN)
mysqld     946           mysql   26u  IPv4  31345      0t0  TCP localhost:3306 (LISTEN)
sshd      1320            root    3u  IPv4  34564      0t0  TCP *:22 (LISTEN)
sshd      1320            root    4u  IPv6  34566      0t0  TCP *:22 (LISTEN)
apache2   1336            root    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   1336            root    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
miniserv. 1479            root    5u  IPv4  37015      0t0  TCP *:10000 (LISTEN)
apache2   2191        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2191        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
apache2   2192        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2192        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
apache2   2193        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2193        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
apache2   2194        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2194        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
apache2   2195        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2195        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)

apachectl -S

[Wed Sep 02 09:59:25.899811 2020] [core:error] [pid 2259] (EAI 2)Name or service not known: AH00547: Could not resolve host name *: -- ignoring!
[Wed Sep 02 09:59:25.899951 2020] [core:error] [pid 2259] (EAI 2)Name or service not known: AH00547: Could not resolve host name *: -- ignoring!
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server sturtz.ml (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost sturtz.ml (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost cloud.sturtz.ml (/etc/apache2/sites-enabled/cloud.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

These are my new Cloudflare DNS settings

The output I get from certbot is

Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: sturtz.ml
2: cloud.sturtz.ml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.sturtz.ml
http-01 challenge for sturtz.ml
Waiting for verification...
Challenge failed for domain cloud.sturtz.ml
Challenge failed for domain sturtz.ml
http-01 challenge for cloud.sturtz.ml
http-01 challenge for sturtz.ml
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: cloud.sturtz.ml
   Type:   connection
   Detail: Fetching
   http://cloud.sturtz.ml/.well-known/acme-challenge/a5xmyvF4-GcxjiNnl-fo_jiVuGoniwIwubkoFD63xQ8:
   Timeout during connect (likely firewall problem)

   Domain: sturtz.ml
   Type:   connection
   Detail: Fetching
   http://sturtz.ml/.well-known/acme-challenge/uqLWHSnLvl6T_aqioj4wMvFhM7tftTk3RVsTa0FnhFI:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

I had to make a new topic because this was way too long and all the information was outdated. I have a new IP address, among other things.
Please use this topic
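
A diagnostic for the situation in this thread, added here as an example and not posted by any participant: it parses `ip address` output and reports whether a given AAAA target is actually assigned to the host, and whether it is a stable address or a rotating temporary (privacy) one. The function names are hypothetical; the sample input is the ens2 block quoted above.

```python
import ipaddress
import re

# Sample input: the ens2 lines from the `ip address` output quoted in this thread.
SAMPLE_IP_OUTPUT = """\
3: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 169.254.38.166/16 brd 169.254.255.255 scope link noprefixroute ens2
    inet6 2604:99c0:8:2fe6:79d7:6cde:235d:c8bf/64 scope global temporary dynamic
    inet6 2604:99c0:8:2fe6:21b:21ff:febf:e728/64 scope global dynamic mngtmpaddr noprefixroute
    inet6 fe80::21b:21ff:febf:e728/64 scope link noprefixroute
"""

IFACE_RE = re.compile(r"^\d+:\s+([^:@\s]+)")
INET6_RE = re.compile(r"^\s+inet6\s+(\S+)/\d+\s+scope\s+(\S+)(.*)$")

def parse_inet6(ip_output):
    """Return one dict per inet6 line: interface, address, scope, temporary flag."""
    entries, iface = [], None
    for line in ip_output.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INET6_RE.match(line)
        if m:
            addr, scope, flags = m.groups()
            entries.append({
                "iface": iface,
                "addr": ipaddress.IPv6Address(addr),  # normalised for comparison
                "scope": scope,
                "temporary": "temporary" in flags.split(),
            })
    return entries

def check_aaaa_target(target, ip_output):
    """Classify an AAAA target against the addresses the host currently holds."""
    want = ipaddress.IPv6Address(target)
    for e in parse_inet6(ip_output):
        if e["addr"] == want:
            if e["scope"] != "global":
                return "not-routable"   # link-local or host scope
            if e["temporary"]:
                return "temporary"      # RFC 4941 privacy address, rotates
            return "stable"
    return "not-assigned"               # no interface holds this address

def stable_global_addresses(ip_output):
    """Global, non-temporary addresses: the candidates for an AAAA record."""
    return [str(e["addr"]) for e in parse_inet6(ip_output)
            if e["scope"] == "global" and not e["temporary"]]
```

Given the address tested in the reply above (`2604:99c0:8:2fe6:d9b8:a6c8:92ba:2f07`), `check_aaaa_target` returns `not-assigned` for this sample, and `stable_global_addresses` returns only the `mngtmpaddr` address.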