Timeout during connect (likely firewall problem) (Not true)

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cello-master.nedalert.nl

I ran this command: certbot certonly --webroot --test-cert --http-01-port 88 -v -d cello-master.nedalert.nl

It produced this output:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: cello-master.nedalert.nl
Type: connection
Detail: 185.168.200.31: Fetching http://cello-master.nedalert.nl/.well-known/acme-challenge/HRvclMNIHmjORqoIBEXmGBr8BIW0wrE0Tqs_TE7fDIA: Timeout during connect (likely firewall problem)

My web server is (include version):

apache2.4.51

The operating system my web server runs on is (include version):

Windows Server 2022 Standard 21H2

My hosting provider, if applicable, is:

vdp-automation (Own Platform)

I can login to a root shell on my machine (yes or no, or I don't know):

Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 2.2.0

2

You can't change the port that the HTTP challenge happens over. It must be port 80, according to the rules that Let's Encrypt needs to follow.

FWIW I can't connect to your server on port 80 nor 88.

3 Likes
3

Thats a fact then!

Thanks

1 Like
4

I would like to know , does that mean the webserver has to serv on port 80 , also after the challenge?

Sorry if i misunderstand the system demands.

5

With port 80 activated the response from Certbot is the same.

The Website is responding on port 80.

Any suggestions?

6

Port 80 still looks closed to me for cello-master.nedalert.nl.

4 Likes
7

Port 80 is open for me in The Netherlands. Perhaps a geoblocking rule is active?

4 Likes
8

Yes, very much looks like a geographic based firewall.

image
image2295×738 88 KB

3 Likes
9

Thanks Osiris, MikMcQ,

The country blocking did the thing.
The certificate has been made.

Last job is to let my Apache work with it

1 Like
10

first make sure your site is able to connect over phone without connecting your home wifi

3 Likes
11

With geoblocking and assuming the phone service is in the same country as the server, that wouldn't really matter :wink: But in general you're right indeed :slight_smile:

4 Likes
12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.