Timeout during connect (likely firewall problem)

My domain is: muxxlenetzwerk.at

I ran this command: ./letsencrypt-auto --d muxxlenetzwerk.at

It produced this output:

  • The following errors were reported by the server:

    Domain: muxxlenetzwerk.at
    Type: connection
    Detail: Fetching
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): Apache/2.4.38

The operating system my web server runs on is (include version): Raspian

My hosting provider, if applicable, is: Mine Server, Godaddy domain

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Someone know whats the problem? Maybe he can help me when we both on discord?


Hi @xCallMeNoah

your configuration is buggy, I don’t think that can work - see your check, one day old - https://check-your-website.server-daten.de/?q=muxxlenetzwerk.at

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
muxxlenetzwerk.at A Graz/Styria/Austria (AT) - UPC Austria - B2C Networkblock Hostname: 85-127-54-22.dsl.dynamic.surfer.at yes 2 0
A Nuremberg/Bavaria/Germany (DE) - Hetzner Online GmbH Hostname: static. yes 2 0
A Scottsdale/Arizona/United States (US) - GoDaddy.com, LLC Hostname: ip-184-168-131-241.ip.secureserver.net yes 2 0
AAAA yes

One domain name with

  • a dynamic ip address
  • a Hetzner ip
  • a GoDaddy secureserver.net?

Looks like two of these ip addresses are wrong.

So Letsencrypt checks the wrong ip - and the server doesn’t answer.


Running into the same thing this morning, running checks via https://letsdebug.net is showing intermittent resolution, more than likely related to the CenturyLink/Cloudflare outages this morning. I think we’re stuck playing the waiting game until the upstream DNS provider is back to normal operation.


The main problem is the provider of the domain I think. The hetzner server was my old server. The dynamic ip adress is at the moment my provider where my server is connected

1 Like

Then you have to remove the other two ip addresses.


The problem is that I don’t know how to remove them.

You use GoDaddy or HostEurope to manage your domains - ns43.domaincontrol.com - there you have to remove these entries.

That’s not the job of the provider, that’s your setup.


ns43.domaincontrol.com is a nameserver from GoDaddy

@JuergenAuer do you have discord? Maybe you can help me with seeing my screen.

Ah I found my problem what you meant, thank you!

1 Like

Yep, now the newest check has only one ip address. And a new certificate:

expires in 90 days	muxxlenetzwerk.at, www.muxxlenetzwerk.at - 2 entries

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.