Timeout during connect (likely firewall problem)

Hello guys, I have problem to generate new certs. The port 80 and 443 is forwarded from router to virtual machine the default page of Apache is opening in browser and after openinig /.well-known/acme-challenge URL I see files. But when i am trying generate certs for site i am getting error Timeout during connect (likely firewall problem).

I tryed standalone, webroot and apache options and no luck.

My domain is:
smart.nysa.eu

I ran this command:
certbot certonly --test-cert -d smart.nysa.eu --apache --preferred-challenges http --debug-challenges -v

It produced this output:
Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

My web server is (include version):
Apache 2.4.29

The operating system my web server runs on is (include version):
Ubuntu 18.04 LTS

I can login to a root shell on my machine (yes or no, or I don’t know):
YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

Log file:

Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator webroot and installer None
Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7efec0e55b00>
Prep: True
Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7efec0e55b00> and installer None
Plugins selected: Authenticator webroot, Installer None
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri=‘https://acme-staging-v02.api.letsencrypt.org/acme/acct/15002956’, new_authzr_uri=None, terms_of_service=None), 17560a782aaba63a1114c75cbb1202fc, Meta(creation_dt=datetime.datetime(2020, 8, 4, 9, 26, 20, tzinfo=), creation_host=‘its-1-vm-1’))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
https://acme-staging-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 724
Received response:
HTTP 200
Server: nginx
Date: Tue, 04 Aug 2020 16:07:29 GMT
Content-Type: application/json
Content-Length: 724
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“kG5fCkqnvpc”: “Adding random entries to the directory”,
“keyChange”: “https://acme-staging-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org/docs/staging-environment/
},
“newAccount”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
}
Obtaining a new certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0023_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0023_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-staging-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
Received response:
HTTP 200
Server: nginx
Date: Tue, 04 Aug 2020 16:07:29 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0001dvLjP-mpT2bqlVUBiYtTJzdBblIc6eGS7NpnNiLzNUk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

Storing nonce: 0001dvLjP-mpT2bqlVUBiYtTJzdBblIc6eGS7NpnNiLzNUk
JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “smart.nysa.eu”\n }\n ]\n}’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTAwMjk1NiIsICJub25jZSI6ICIwMDAxZHZMalAtbXBUMmJxbFZVQmlZdFRKemRCYmxJYzZlR1M3TnBuTmlMek5VayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ”,
“signature”: “AgjptmNYPAz3xhzYw5nCob6WSHLhMYPh6Kbed6gWMFZdA41-K0LbNWlm7hxpVNaQfor6TIXCZ99qyzCgSxz9O-8U1dgkiiFBv-1x_uWFpOt7pWXxv4N_ODx8L50-_Y4od6V7qKqVByRxggrTKRCCIxudJg-3mn4MZJr63VGihnf4Nu4Os7865W650Sxcd00DAvvGE4Ak-ySFdiEM1n6-1kKwGCLb2PRp6I7dbCqGZITcNWGH3HGhWG4h9U2spc0EnmmAaUXzHrcYBVC1WfXAC0tWl-AjrUPXZLxx5DagxuOcpbI_eeXsuU9BLF1b-iWdGCg0z-lYG6nAT0UVsjQ15w”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNtYXJ0Lm55c2EuZXUiCiAgICB9CiAgXQp9”
}
https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 356
Received response:
HTTP 201
Server: nginx
Date: Tue, 04 Aug 2020 16:07:30 GMT
Content-Type: application/json
Content-Length: 356
Connection: keep-alive
Boulder-Requester: 15002956
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/15002956/126422824
Replay-Nonce: 0001CGzA2snrhxXYvOcGfBC74Otk2q_zgq5luJIlDaFbvJI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“status”: “pending”,
“expires”: “2020-08-11T16:07:30.096769407Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “smart.nysa.eu”
}
],
“authorizations”: [
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/88782123
],
“finalize”: “https://acme-staging-v02.api.letsencrypt.org/acme/finalize/15002956/126422824
}
Storing nonce: 0001CGzA2snrhxXYvOcGfBC74Otk2q_zgq5luJIlDaFbvJI
JWS payload:
b’’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/88782123:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTAwMjk1NiIsICJub25jZSI6ICIwMDAxQ0d6QTJzbnJoeFhZdk9jR2ZCQzc0T3RrMnFfemdxNWx1SklsRGFGYnZKSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My84ODc4MjEyMyJ9”,
“signature”: “m04NgzZX_xLCB-aPdZmvHCHte2VZlMi3AjltJRKjf6YQo4NCcK_4S1bGTJbMlOaV5VbIV6OSxjHeVUmSVV2LwIs3CajBoteWEoUTb8e2RFwJgtpGU_pYpVrYH0uJX9gPTCVlt4hfhoRHwWGMtE11OkrVCfb9CvkkmhBmIZzjs4L2VGzXm07v57CNOqqbn0e2ARuzBpoLjgaC10b55ZEJQXbo5u6h7MkNkOGb_f8p_9v5y4o7UzL9Qz5yLbll4PlKAVnn6xsmZ_4Q0rOQzYt4E_ulYpsrtnW1Y682wumYkoHfgsgvPpJpBXWxCh3se5aNn2NHLLT6th7niTk8jTAtUQ”,
“payload”: “”
}
https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/88782123 HTTP/1.1” 200 809
Received response:
HTTP 200
Server: nginx
Date: Tue, 04 Aug 2020 16:07:30 GMT
Content-Type: application/json
Content-Length: 809
Connection: keep-alive
Boulder-Requester: 15002956
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002kMZ7iaqO-TqE6-Y6zDT_11dc9rZ3H6ixM2lIG_vnP6Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “smart.nysa.eu”
},
“status”: “pending”,
“expires”: “2020-08-11T16:07:30Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/Jx9btA”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/PRUEIg”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/AY1Nvw”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
}
]
}
Storing nonce: 0002kMZ7iaqO-TqE6-Y6zDT_11dc9rZ3H6ixM2lIG_vnP6Y
Performing the following challenges:
http-01 challenge for smart.nysa.eu
Using the webroot path /var/www/html for all unmatched domains.
Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
Attempting to save validation to /var/www/html/.well-known/acme-challenge/36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0
Waiting for verification…


Challenges loaded. Press continue to submit to CA. Pass “-v” for more info about
challenges.


Press Enter to Continue
JWS payload:
b’{\n “resource”: “challenge”,\n “type”: “http-01”\n}’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/Jx9btA:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTAwMjk1NiIsICJub25jZSI6ICIwMDAya01aN2lhcU8tVHFFNi1ZNnpEVF8xMWRjOXJaM0g2aXhNMmxJR192blA2WSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My84ODc4MjEyMy9KeDlidEEifQ”,
“signature”: “NqtktDZWQtXvOTE6wwpiZLjbIoEJn6oBiGzSGfIp7ajG-xJeyXciOmLnV8WsSh87dStbAg8QHUUfyOyTT9MRipHOq2iGfTN153aCUVW9mFb2EJ9uzNUsRYMh8E-7O81Vt0JuJ5iBq08Pf3dxJRIOfrSxKAXBCUDBvcE1KlvdrJxxMyX_D-gz4azX3uDEFUH6YrwU4zaFeKY8NnlcC3ex5Fcsm-86xXnOjR1ahlYZfA2cIDfW55g8ycs-oWNfcJLyW0qxMxG0W29yPE7nMmKrSPaFEAfIIRxNhAlCPLrfKjWf4o_lD5RVgWI48UNtJk4GGfYQzG0Gmlif93saPu0q4A”,
“payload”: “ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0”
}
https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/chall-v3/88782123/Jx9btA HTTP/1.1” 200 191
Received response:
HTTP 200
Server: nginx
Date: Tue, 04 Aug 2020 16:08:07 GMT
Content-Type: application/json
Content-Length: 191
Connection: keep-alive
Boulder-Requester: 15002956
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/88782123;rel=“up”
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/Jx9btA
Replay-Nonce: 0001ndLva8taE1P1ALIf5OjUOIbZgJO4xRkTkZVcVXx2vn0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/Jx9btA”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
}
Storing nonce: 0001ndLva8taE1P1ALIf5OjUOIbZgJO4xRkTkZVcVXx2vn0
JWS payload:
b’’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/88782123:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTAwMjk1NiIsICJub25jZSI6ICIwMDAxbmRMdmE4dGFFMVAxQUxJZjVPalVPSWJaZ0pPNHhSa1RrWlZjVlh4MnZuMCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My84ODc4MjEyMyJ9”,
“signature”: “EhNRCyN_bQSjOMWoNm6PmYwbrssAQ74fQPYTQm1lCXBz333NBKOyIiYAKGP9nxgbC8qvnJCBsVjktSYM5euBqz1Cyb15iJ_6vh3UNL8M5g8Juk5Q3PgIcgv9sRXHI8ZykNclRLZy-GkpVgrcqKn44463LhQEIGm58L2ZhBtjobl2W1O4JqyCpGbUF2mL0_tL68lVtfiwLir5vz9T-nSRI-vvlaogGDVotJKD7lkxYLNh5O-2ktdSji5Q5Eo6U8XqcoSW5_iZ3zNPUUs6KdMMwS_maSIsR6OCp12t1A6NgzKfjCgaHh4UbJlaOtu24JFJp4xe6VemLTE-ElFTPZZp1g”,
“payload”: “”
}
https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/88782123 HTTP/1.1” 200 809
Received response:
HTTP 200
Server: nginx
Date: Tue, 04 Aug 2020 16:08:11 GMT
Content-Type: application/json
Content-Length: 809
Connection: keep-alive
Boulder-Requester: 15002956
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002bxIOh_vjDdvl10pswpvQ_UgHgnD42Bq-ZIqzzLCbkNU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “smart.nysa.eu”
},
“status”: “pending”,
“expires”: “2020-08-11T16:07:30Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/Jx9btA”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/PRUEIg”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/AY1Nvw”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
}
]
}
Storing nonce: 0002bxIOh_vjDdvl10pswpvQ_UgHgnD42Bq-ZIqzzLCbkNU
JWS payload:
b’’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/88782123:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTAwMjk1NiIsICJub25jZSI6ICIwMDAyYnhJT2hfdmpEZHZsMTBwc3dwdlFfVWdIZ25ENDJCcS1aSXF6ekxDYmtOVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My84ODc4MjEyMyJ9”,
“signature”: “Wjgp4WwyY_uIEqomyi2byGX1gOEDne9GOIdOml-VwtcZNPWEmbcHX46DJuk82gqkKsnR9TQafNwDiAIOoyNOC4eRK61bem4gb2lJmtzGrCBfye5yYEhvidBCXl4iUILIm2YQYyvhY-3HytCMruTo4TsWgdv_r1sui8W5ExSEhOqMAuJJRvP1EuFHrggYDITtllD8lPy1Z7JoRg8NpXLnj99fjo_At2apjpTlX1IEAFOE95Ak0tWn_FgmPV4L4JbIaCjCzT-6jqWyPDOwX0Q2-C_3h5EHrP3RzCJ2t6oR5lUq-UD95k78ybKYkiJllirppVLVpo8uag50l-oFW9jBjA”,
“payload”: “”
}
https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/88782123 HTTP/1.1” 200 809
Received response:
HTTP 200
Server: nginx
Date: Tue, 04 Aug 2020 16:08:14 GMT
Content-Type: application/json
Content-Length: 809
Connection: keep-alive
Boulder-Requester: 15002956
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002OjXAbHyfI_SscXyrZSez3o-UQWLrNhylhfRH3-_yzbs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “smart.nysa.eu”
},
“status”: “pending”,
“expires”: “2020-08-11T16:07:30Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/Jx9btA”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/PRUEIg”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/AY1Nvw”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
}
]
}
Storing nonce: 0002OjXAbHyfI_SscXyrZSez3o-UQWLrNhylhfRH3-_yzbs
JWS payload:
b’’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/88782123:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTAwMjk1NiIsICJub25jZSI6ICIwMDAyT2pYQWJIeWZJX1NzY1h5clpTZXozby1VUVdMck5oeWxoZlJIMy1feXpicyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My84ODc4MjEyMyJ9”,
“signature”: “oatLvPyMWvbuxHrcB2mrqfVW4Lfkvog_xS6QrL70Yurt9djTP4XrSOTjB_ErIUU2s-CFK_jMU0cX4kYmc5ZPniUXrlO6t_cOqhubgaH4Hi6MlctvpBtxe6_FY4RyG4dXUhgVKdR4TslK7GFic103d-btSxarNfY1Tu5jagIewI3XC99ASOGEuee1U8pNDv1ClDEokfZlYiarYs_08Dpz7UJJfYhOiXULCGWWhYt8-rYUurwJEEAtfGHqhNsQfarCFXrzexL302fQzjsqpPWZnb9ecO1g9s2ZRGESG1lAdFCsgF0BfgYIUEKryBOD9VUzabxC85nfe6fTDiSSuQp6DQ”,
“payload”: “”
}
https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/88782123 HTTP/1.1” 200 809
Received response:
HTTP 200
Server: nginx
Date: Tue, 04 Aug 2020 16:08:17 GMT
Content-Type: application/json
Content-Length: 809
Connection: keep-alive
Boulder-Requester: 15002956
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002e1Bn_2d6gUql3VMnEB7tdgDxN9nsDw4KvCIKcbDtljM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “smart.nysa.eu”
},
“status”: “pending”,
“expires”: “2020-08-11T16:07:30Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/Jx9btA”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/PRUEIg”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/AY1Nvw”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”
}
]
}
Storing nonce: 0002e1Bn_2d6gUql3VMnEB7tdgDxN9nsDw4KvCIKcbDtljM
JWS payload:
b’’
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/88782123:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTAwMjk1NiIsICJub25jZSI6ICIwMDAyZTFCbl8yZDZnVXFsM1ZNbkVCN3RkZ0R4Tjluc0R3NEt2Q0lLY2JEdGxqTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My84ODc4MjEyMyJ9”,
“signature”: “k8K7gGt3Fw8i8SOgECB3SndiqhiMKuJEI_lutl24RNvKT1hqWugm23kXNfFGZHkRomNkd3pT6QQZ9PXIgMflB72GXJ1KxD-trvfKxFO-nq0JkXLHgDxqTPZjjfNk7VuoMzJJ93CGvW-ca-ehunWKrvB8mlf4H3MK4DC3rMo61vp4L_fnjp3JMVvvk-TY-e_Cx69pHZWU3HAXhgUOZFIBL6_dEi4NxtW08HQ8bEp84-CEd4syz1mwJ4vxMZjmAAB0HDyuSwb4x-VOhdrNuXN0OhA6rP-4Gc7w9vUu3a86i-8bnZNITVvRGvRxeIS-aM1crbrmo-cPP9tvWwA6EiNXxQ”,
“payload”: “”
}
https://acme-staging-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/88782123 HTTP/1.1” 200 992
Received response:
HTTP 200
Server: nginx
Date: Tue, 04 Aug 2020 16:08:20 GMT
Content-Type: application/json
Content-Length: 992
Connection: keep-alive
Boulder-Requester: 15002956
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002KBf-8OyoIhb2Ezeh6kwRxgOcYg2Q6P981_f57mwSeso
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “smart.nysa.eu”
},
“status”: “invalid”,
“expires”: “2020-08-11T16:07:30Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:connection”,
“detail”: “Fetching http://smart.nysa.eu/.well-known/acme-challenge/36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0: Timeout during connect (likely firewall problem)”,
“status”: 400
},
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/88782123/Jx9btA”,
“token”: “36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”,
“validationRecord”: [
{
“url”: “http://smart.nysa.eu/.well-known/acme-challenge/36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0”,
“hostname”: “smart.nysa.eu”,
“port”: “80”,
“addressesResolved”: [
“78.11.72.81”
],
“addressUsed”: “78.11.72.81”
}
]
}
]
}
Storing nonce: 0002KBf-8OyoIhb2Ezeh6kwRxgOcYg2Q6P981_f57mwSeso
Reporting to user: The following errors were reported by the server:

Domain: smart.nysa.eu
Type: connection
Detail: Fetching http://smart.nysa.eu/.well-known/acme-challenge/36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0: Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. smart.nysa.eu (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://smart.nysa.eu/.well-known/acme-challenge/36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0: Timeout during connect (likely firewall problem)

Calling registered functions
Cleaning up challenges
Removing /var/www/html/.well-known/acme-challenge/36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0
All challenges cleaned up
Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1250, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. smart.nysa.eu (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://smart.nysa.eu/.well-known/acme-challenge/36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0: Timeout during connect (likely firewall problem)
Failed authorization procedure. smart.nysa.eu (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://smart.nysa.eu/.well-known/acme-challenge/36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: smart.nysa.eu
    Type: connection
    Detail: Fetching
    http://smart.nysa.eu/.well-known/acme-challenge/36ZsxCUdNGRa-rqBbm-Ev3StriVxvq66wHuOG7OApK0:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Hi @p3ko

see your check, ~~3 hours old - https://check-your-website.server-daten.de/?q=smart.nysa.eu

Domainname Http-Status redirect Sec. G
http://smart.nysa.eu/ 78.11.72.81 -14 10.037 T
Timeout - The operation has timed out
https://smart.nysa.eu/ 78.11.72.81 -14 10.056 T
Timeout - The operation has timed out
http://smart.nysa.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 78.11.72.81 -14 10.423 T
Timeout - The operation has timed out

Only timeouts.

So

  • your ip is wrong
  • your ISP
Host Type IP-Address is auth. ∑ Queries ∑ Timeout
smart.nysa.eu A 78.11.72.81 Jaworzno/Silesia/Poland (PL) - Netia SA Hostname: 78-11-72-81.static.ip.netia.com.pl yes 1 0
AAAA yes

blocks port 80, but you have older certificates.

  • Your port forwarding is wrong
  • you have additional firewalls

A working port 80 is always required, it’s not relevant which of these methods you use.

1 Like

Thank you for your quick reply. Yes I saw timeouts but when i open URL smart.nysa.eu in browser the site is displaying on both http and https so why there is timeout on https://check-your-website.server-daten.de/?q=smart.nysa.eu i don’t understand this.

Edit:
To be sure that port 80 and 443 is forwarded to correct server i create custom page with message “This is test site of its-1-vm-1 server.” if you open URL smart.nysa.eu you can see this message so port 80 and 443 is forwarded correctly.

I don’t see that, I see a timeout.

If an online tool can’t check your domain, Letsencrypt can’t check your domain.

1 Like

I meant if I/You open URL in browser. For me is strange that site work in browser but don’t work in some online tool. Thank You for your time.

It doesn’t work with my browser!

PS: But you can’t use my browser. So if one online tool can’t see your site, your site is blocked.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.