Timeout during connect (likely firewall problem), tried disable firewall

I tried to open port and even disable firewall.
I have to use IPv6.

I ran this command:

sudo certbot certonly --standalone

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): files.soxd.hu
Requesting a certificate for files.soxd.hu

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: files.soxd.hu
  Type:   connection
  Detail: 2a02:ab88:7200:d600:f42f:320e:56de:ced7: Fetching http://files.soxd.hu/.well-known/acme-challenge/30uPiBsQL4VI8K6LFW2tC6pEzxTzyf9CbStpmk6wULU: Timeout during connect (likely firewall problem)

My web server is (include version): filebrowser (GitHub - filebrowser/filebrowser: 📂 Web File Browser)

The operating system my web server runs on is (include version): Linux Mint 20.3

I can login to a root shell on my machine (yes or no, or I don't know): yes (its my computer)

The version of my client is: certbot 2.7.4

1 Like

Welcome to the community @nullentry

I see why you may need to use --standalone but it is harder to debug.

First, are you sure your ISP allows port 80 connections to you? It looks to be a Vodafone IP and if residential sometimes ISP don't allow port 80 (HTTP).

But, for now let's assume it should work. Can you try this command

sudo certbot certonly --standalone -d files.soxd.hu --debug-challenges -v

This will show you a URL and then ask to press enter. Do NOT press enter. Just leave it paused like that and let us know when it is ready. Or, while it is paused try to reach your domain using http://files.soxd.hu from outside your local network. Like using a mobile phone with wifi disabled to use the carrier's network.

You should be able to get some response from Certbot using --debug-challenges while it is paused.

If you get a timeout you will need to inspect each part of your local network to see where it may be blocked. And, contact your ISP about port 80.


Are you sure that's the correct IP address? Because it's completely down:

osiris@erazer ~ $ sudo nmap -sS -6 files.soxd.hu
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-02 22:02 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.06 seconds
osiris@erazer ~ $ sudo nmap -sS -6 -Pn files.soxd.hu
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-02 22:03 CET
Nmap scan report for files.soxd.hu (2a02:ab88:7200:d600:f42f:320e:56de:ced7)
Host is up.
All 1000 scanned ports on files.soxd.hu (2a02:ab88:7200:d600:f42f:320e:56de:ced7) are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)

Nmap done: 1 IP address (1 host up) scanned in 202.11 seconds
osiris@erazer ~ $ 

Maybe you're behind CG-NAT?CG-NAT would be unlikely for IPv6..

1 Like

The webserver on that computer is not running currently

Even a non-running webserver should show a response on nmap. Usually an OS responds with "connection closed" instead of just nothing.

try now

I can't reach your domain. Just times out. You may need to ask your ISP


i can see it with nmap, or its not working from outside?

It's still not yet working from the public internet.

1 Like

you have to have ipv6 address because my isp uses nat on ipv4 addresses and i cant host

What firewalls have you opened already?

1 Like

I did.

curl -i6 -m10 http://files.soxd.hu
curl: (28) Connection timed out after 10001 milliseconds

# And
nmap -6 files.soxd.hu -Pn -p22,25,80,443
Nmap scan report for files.soxd.hu (2a02:ab88:7200:d600:f42f:320e:56de:ced7)
22/tcp  filtered ssh
25/tcp  filtered smtp
80/tcp  filtered http
443/tcp filtered https

I use ufw, i've already tried to disable it


now i've disabled the firewall in the router settings, can you reach it now?

Yes, I can. Port 80 is open, port 443 is closed (thus open in the firewall) as well as 8080.

It's probably the router, ufw looks pretty good (UDP port 80 isn't necessary though).


so what ports should i add to port forwarding in the router settings?

TCP port 80 for the http-01 challenge to get a certificate and for a HTTP to HTTPS redirect and TCP port 443 for HTTPS.

1 Like

Thank you for the help!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.