Timeout during connect (likely firewall problem, but there is no specific error that it is)

What next I have to check and how?

https://crt.sh/?q=darzeliai.panevezys.lt
https://crt.sh/?q=www.darzeliai.panevezys.lt

$ sudo ufw status
status: inactive

sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80 darzeliai.SSG5-Serial (/etc/apache2/sites-enabled/000-default.conf:1)
*:8080 darzeliai.SSG5-Serial (/etc/apache2/sites-enabled/000-default.conf:30)
*:443 darzeliai.SSG5-Serial (/etc/apache2/sites-enabled/000-default.conf:59)

sudo ss -tlnp | grep -E “(apache|httpd)”
LISTEN 0 128 :::8080 :::* users:((“apache2”,16747,6),(“apache2”,16700,6),(“apache2”,16686,6),(“apache2”,16683,6),(“apache2”,16652,6),(“apache2”,16651,6),(“apache2”,16645,6),(“apache2”,16644,6),(“apache2”,16643,6),(“apache2”,16641,6),(“apache2”,1077,6))
LISTEN 0 128 :::80 :::* users:((“apache2”,16747,4),(“apache2”,16700,4),(“apache2”,16686,4),(“apache2”,16683,4),(“apache2”,16652,4),(“apache2”,16651,4),(“apache2”,16645,4),(“apache2”,16644,4),(“apache2”,16643,4),(“apache2”,16641,4),(“apache2”,1077,4))
LISTEN 0 128 :::443 :::* users:((“apache2”,16747,8),(“apache2”,16700,8),(“apache2”,16686,8),(“apache2”,16683,8),(“apache2”,16652,8),(“apache2”,16651,8),(“apache2”,16645,8),(“apache2”,16644,8),(“apache2”,16643,8),(“apache2”,16641,8),(“apache2”,1077,8))

My domain is:
darzeliai.panevezys.lt
www.darzeliai.panevezys.lt

I ran this command:
sudo /home/user/local/certbot-auto renew

It produced this output:
/home/user/local/certbot-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a release (2.7.7+) that supports hmac.compare_digest as soon as possible.
utils.PersistentlyDeprecated2018,
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/www.darzeliai.panevezys.lt.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for darzeliai.panevezys.lt
http-01 challenge for www.darzeliai.panevezys.lt
Waiting for verification…
^[[A^[[A^[[AChallenge failed for domain darzeliai.panevezys.lt
Challenge failed for domain www.darzeliai.panevezys.lt
http-01 challenge for darzeliai.panevezys.lt
http-01 challenge for www.darzeliai.panevezys.lt
Cleaning up challenges
Attempting to renew cert (www.darzeliai.panevezys.lt) from /etc/letsencrypt/renewal/www.darzeliai.panevezys.lt.conf produced an unexpected error: Some challenges have failed… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.darzeliai.panevezys.lt/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.darzeliai.panevezys.lt/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: darzeliai.panevezys.lt
  Type: connection
  Detail: Fetching
  http://darzeliai.panevezys.lt/.well-known/acme-challenge/VVs2ZG0vkYa88TMN7LnnRSeW2_fs7IZqovDiK3veLt8:
  Timeout during connect (likely firewall problem)

  Domain: www.darzeliai.panevezys.lt
  Type: connection
  Detail: Fetching
  http://www.darzeliai.panevezys.lt/.well-known/acme-challenge/1-G4da8lE6sMM0FD1IAtZv9hRjg9_Mglc9KsWyBqk_E:
  Timeout during connect (likely firewall problem)

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address. Additionally, please check that
  your computer has a publicly routable IP address and that no
  firewalls are preventing the server from communicating with the
  client. If you’re using the webroot plugin, you should also verify
  that you are serving files from the webroot path you provided.

My web server is (include version):
Apache/2.4.7

The operating system my web server runs on is (include version):
Ubuntu 14.04.5 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
/home/user/local/certbot-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a release (2.7.7+) that supports hmac.compare_digest as soon as possible.
utils.PersistentlyDeprecated2018,
certbot 1.3.0

for some strange reason I can’t connect to your server on ports 80 and 8080. (443 works)

can you?

How to delete this topic as I got message “You don’t have permission to delete this topic. If you really want it to be deleted, submit a flag for moderator attention together with reasoning.”?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.