Timeout during connect (likely firewall problem)

Hi, I’m trying to setup bitwarden and nextcloud on my NAS server, but I can’t get past let’s encrypt certification, so I tried to type my domain on the browser and I found out it takes me to my router’s page as shown here

My domain is: omvbaja.ddns.net or omvbaja.duckdns.org

I ran this command:
./bitwarden.sh install

It produced this output:

  • The following errors were reported by the server:

    Domain: omvbaja.ddns.net
    Type: connection
    Detail: Fetching
    http://omvbaja.ddns.net/.well-known/acme-challenge/FFGLabmLxvS3t4AjR1ZG5tXb9duDpZu45CXiEz0Xpe8:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version):

The operating system my web server runs on is (include version):
Debian GNU/Linux 10 (buster)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Do you have external port 80 and port 443 mapped to your NAS server inside your network?

1 Like

Yes, I did that yesterday when trying to set up nextcloud, but let’s encrypt gave me the same error, maybe I did something wrong there?

1 Like

Perhaps. You’re 200 % sure the IP address you entered is correct?

Or it might be some other firewall issue. Could be on your side, or perhaps your internet service provider blocking access on port 80/443.

Check for example sites like https://downforeveryoneorjustme.com/omvbaja.ddns.net

NB: UDP port 80 and UDP port 443 aren’t required. Your webserver isn’t even listening on UDP actually. You can remove those, but leave the TCP portmaps. Note: this is not the solution to your issue, just something else.

1 Like

Yes, 200%, I’ve triple checked and closed/reopened the ports 80 and 443, I think my network provider might have a firewall, cause I can’t host minecraft servers either, and with my previous provider I could

edit: would it make any difference if I used google’s dns address instead of the default one my provider uses?

How would another DNS provider fix your firewall issue?

Cause I’m not sure if it’s a firewall issue, was wondering if dns would change anything, it didn’t

The only thing DNS is good for, is telling a client the IP address. Nothing more. The actual connecting to the server is through HTTP or HTTPS and to the IP address. If a client can get the correct IP address, DNS is functioning properly. That was the case here: no trouble with getting the IP address. Only after this step, connecting to the IP address doesn’t work.

2 Likes

oooh, thanks for the explanation, I’m a newbie when it comes to networking

Ok, so I’ve found out my provider is basically lying about opening ports: https://imgur.com/a/FjmM7dH, same result with port 443, what am I supposed to do now?

If you’re really really really sure it’s a provider issue:

  • if you only use the service for yourself and don’t mind using another port if that alternate port is open by your provider!:
    • get your certificate through the dns-01 challenge and bind your server to other ports (for example 4443 instead of 443) which might be open
    • note: you can’t use alternative ports instead of 80/443 for the http-01 challenge
  • change provider

yeah I’m sure, doesn’t matter which port I open, the open port check tool always tells me they’re closed

Unfortunately I can’t, it’s the only provider around with stable connections and speed above 50mb/s, my previous provider, which is considered the second best around here, had speeds of only 25mb/s and wasn’t at all stable

Do you have a server listening behind those ports? Because a tool can report “closed” because there isn’t any program/server/daemon/whatever actually listening on the port tested.

Yeah, I setup pihole on port 80 to test it and it still says “closed”

Apparently other people have had the same problem with this provider, and what fixed it for them was changing the router

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.