Timeout during connect (likely firewall problem)

My domain is: muxxlenetzwerk.at

I ran this command: ./letsencrypt-auto --d muxxlenetzwerk.at

It produced this output:

  • The following errors were reported by the server:

    Domain: muxxlenetzwerk.at
    Type: connection
    Detail: Fetching
    http://muxxlenetzwerk.at/.well-known/acme-challenge/UheZlUFRuuuJOHNLoreK6AXV_5lKpf5mFa3emNO33vg:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): Apache/2.4.38

The operating system my web server runs on is (include version): Raspian

My hosting provider, if applicable, is: Mine Server, Godaddy domain

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Someone know whats the problem? Maybe he can help me when we both on discord?

2 Likes

Hi @xCallMeNoah

your configuration is buggy, I don’t think that can work - see your check, one day old - https://check-your-website.server-daten.de/?q=muxxlenetzwerk.at

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
muxxlenetzwerk.at A 85.127.54.22 Graz/Styria/Austria (AT) - UPC Austria - B2C Networkblock Hostname: 85-127-54-22.dsl.dynamic.surfer.at yes 2 0
A 94.130.99.154 Nuremberg/Bavaria/Germany (DE) - Hetzner Online GmbH Hostname: static.154.99.130.94.clients.your-server.de yes 2 0
A 184.168.131.241 Scottsdale/Arizona/United States (US) - GoDaddy.com, LLC Hostname: ip-184-168-131-241.ip.secureserver.net yes 2 0
AAAA yes

One domain name with

  • a dynamic ip address
  • a Hetzner ip
  • a GoDaddy secureserver.net?

Looks like two of these ip addresses are wrong.

So Letsencrypt checks the wrong ip - and the server doesn’t answer.

3 Likes

Running into the same thing this morning, running checks via https://letsdebug.net is showing intermittent resolution, more than likely related to the CenturyLink/Cloudflare outages this morning. I think we’re stuck playing the waiting game until the upstream DNS provider is back to normal operation.

2 Likes

The main problem is the provider of the domain I think. The hetzner server was my old server. The dynamic ip adress is at the moment my provider where my server is connected

1 Like

Then you have to remove the other two ip addresses.

2 Likes

The problem is that I don’t know how to remove them.

You use GoDaddy or HostEurope to manage your domains - ns43.domaincontrol.com - there you have to remove these entries.

That’s not the job of the provider, that’s your setup.

2 Likes

ns43.domaincontrol.com is a nameserver from GoDaddy

@JuergenAuer do you have discord? Maybe you can help me with seeing my screen.

Ah I found my problem what you meant, thank you!

1 Like

Yep, now the newest check has only one ip address. And a new certificate:

CN=muxxlenetzwerk.at
	30.08.2020
	28.11.2020
expires in 90 days	muxxlenetzwerk.at, www.muxxlenetzwerk.at - 2 entries
2 Likes