Timeout during connect (likely firewall problem)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
torranceairductcleaning.com

I ran this command:
wo site update torranceairductcleaning.com -le
and
wo site update torranceairductcleaning.com -le --force

It produced this output:

2020-12-23 12:42:48,068 (INFO) wo : Issuing SSL cert with acme.sh
2020-12-23 12:42:48,069 (DEBUG) wo.core.logging : Running command: /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --issue -d 'torranceairductcleaning.com' -d 'www.torranceairductcleaning.com' -w /var/www/html -k "ec-384" -f
2020-12-23 12:43:02,626 (DEBUG) wo.core.logging : Command Output: [Wed 23 Dec 2020 12:42:48 PM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed 23 Dec 2020 12:42:48 PM UTC] Multi domain='DNS:torranceairductcleaning.com,DNS:www.torranceairductcleaning.com'
[Wed 23 Dec 2020 12:42:48 PM UTC] Getting domain auth token for each domain
[Wed 23 Dec 2020 12:42:49 PM UTC] Getting webroot for domain='torranceairductcleaning.com'
[Wed 23 Dec 2020 12:42:50 PM UTC] Getting webroot for domain='www.torranceairductcleaning.com'
[Wed 23 Dec 2020 12:42:50 PM UTC] Verifying: torranceairductcleaning.com
[Wed 23 Dec 2020 12:42:52 PM UTC] Pending
[Wed 23 Dec 2020 12:42:54 PM UTC] Pending
[Wed 23 Dec 2020 12:42:57 PM UTC] Pending
[Wed 23 Dec 2020 12:42:59 PM UTC] Pending
Command Error: [Wed 23 Dec 2020 12:43:01 PM UTC] torranceairductcleaning.com:Verify error:Fetching http://torranceairductcleaning.com/.well-known/acme-challenge/G8ZKPHZF7CsgkJwracK9eSg_Cnzd9CPGfrDMA6Gps-4: Timeout during connect (likely firewall problem)
[Wed 23 Dec 2020 12:43:01 PM UTC] Please add '--debug' or '--log' to check more details.
[Wed 23 Dec 2020 12:43:01 PM UTC] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2020-12-23 12:43:02,627 (INFO) wo : Issuing SSL cert with acme.sh
2020-12-23 12:43:02,627 (ERROR) wo : Your domain is properly configured but acme.sh was unable to issue certificate.
You can find more informations in /var/log/wo/wordops.log

My web server is (include version):
nginx/1.18.0 (WordOps Nginx-wo)

The operating system my web server runs on is (include version):
Ubuntu 20.4 64x

My hosting provider, if applicable, is: Vultr VPS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): WordOps

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
using acme.sh via WordOps

1 Like

Hi @pingwww

your question is your answer.

There is a timeout.

A working port 80 / http is required if you want to create a certificate via http validation.

Not a timeout. Change that.

PS: Ah, there is a check of your domain, ~~40 minutes old - https://check-your-website.server-daten.de/?q=torranceairductcleaning.com#url-checks

Only timeouts. Answers are required.

1 Like

I had not restarted the server after adding the IP :slightly_smiling_face:
But now I am rate limited. How long do I have to wait before trying again?

Command Error: [Wed 23 Dec 2020 01:29:10 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
1 Like

About an hour, correct?
There is a Failed Validation limit of 5 failures per account, per hostname, per hour.

1 Like

Now it looks better, your server answers.

But there

http://torranceairductcleaning.com/.well-known/acme-challenge/G8ZKPHZF7CsgkJwracK9eSg_Cnzd9CPGfrDMA6Gps-4

is an HTTP status 403, not the expected HTTP status 404 - Not Found.

Fix that before you try to create the next certificate.

Maybe create a test file there (file name 1234) and check if you are able to load that file via your browser.

1 Like

For some reason it is trying to create the .well-known folder in the default server root, not the site root. It's pulling the wrong root. I am not running the acme.sh script myself, but through WordOps, which worked fine on the previous 3 servers, so I've no idea why this is different now.

2020-12-23 15:52:19,816 (DEBUG) wo.core.logging : Validation : Webroot mode
2020-12-23 15:52:19,817 (DEBUG) wo.core.logging : Changing ownership of /var/www/html/.well-known, Userid:33,Groupid:33
2020-12-23 15:52:19,817 (DEBUG) wo.core.logging : Changing permission of /var/www/html/.well-known, Perm:488
2020-12-23 15:52:19,817 (INFO) wo : Validation mode : Webroot challenge
2020-12-23 15:52:19,817 (INFO) wo : Issuing SSL cert with acme.sh
2020-12-23 15:52:19,817 (DEBUG) wo.core.logging : Running command: /etc/letsencrypt/acme.sh --config-home '/etc/letsencrypt/config' --issue -d 'torranceairductcleaning.com' -d 'www.torranceairductcleaning.com' -w /var/www/html -k "ec-384" -f
2020-12-23 15:52:24,907 (DEBUG) wo.core.logging : Command Output: [Wed 23 Dec 2020 03:52:20 PM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed 23 Dec 2020 03:52:20 PM UTC] Multi domain='DNS:torranceairductcleaning.com,DNS:www.torranceairductcleaning.com'
[Wed 23 Dec 2020 03:52:20 PM UTC] Getting domain auth token for each domain
[Wed 23 Dec 2020 03:52:21 PM UTC] Getting webroot for domain='torranceairductcleaning.com'
[Wed 23 Dec 2020 03:52:21 PM UTC] Getting webroot for domain='www.torranceairductcleaning.com'
[Wed 23 Dec 2020 03:52:21 PM UTC] Verifying: torranceairductcleaning.com
,
Command Error: [Wed 23 Dec 2020 03:52:24 PM UTC] torranceairductcleaning.com:Verify error:Invalid response from http://torranceairductcleaning.com/.well-known/acme-challenge/R9yICyftBYC7kcY_Kpj6oxVmh3S6caYru8-IKSffD7Q [207.246.85.153]:
[Wed 23 Dec 2020 03:52:24 PM UTC] Please add '--debug' or '--log' to check more details.
[Wed 23 Dec 2020 03:52:24 PM UTC] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
1 Like

Found a solution, as given here: https://community.wordops.net/d/173-letsencrypt-setup-verify-error/5
It was a permissions issue, all I had to do is run these commands:

chown -R www-data:www-data /var/www/html /var/www/html/.well-known
chmod 750 /var/www/html /var/www/html/.well-known

3 Likes
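
Added example, not from the thread, WordOps or acme.sh: nginx answers 403 instead of 404 when its worker user cannot search a directory on the way to the challenge file, which is the state the chown/chmod above corrects. This shell sketch walks the webroot path and prints the first directory a given uid/gid cannot traverse; the function names are hypothetical, GNU `stat` is assumed, and supplementary groups and ACLs are ignored.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Requires GNU stat.

# can_search MODE OWNER_UID OWNER_GID UID GID
# Succeeds if UID/GID holds the search (x) bit on a directory with octal MODE.
# Supplementary groups and ACLs are ignored (assumption).
can_search() (
    mode=$1 o_uid=$2 o_gid=$3 uid=$4 gid=$5
    [ "$uid" -eq 0 ] && exit 0              # root bypasses mode bits
    perm=$(( 0$mode ))                      # leading 0: parse as octal
    if [ "$uid" -eq "$o_uid" ]; then bits=$(( (perm >> 6) & 7 ))
    elif [ "$gid" -eq "$o_gid" ]; then bits=$(( (perm >> 3) & 7 ))
    else bits=$(( perm & 7 ))
    fi
    [ $(( bits & 1 )) -ne 0 ]
)

# first_blocked DIR [UID] [GID]
# Prints the first directory between / and DIR that UID/GID cannot search.
# Exit status: 0 = whole path searchable, 1 = blocked, 2 = DIR unusable.
# Defaults 33:33 are the Userid/Groupid shown in the WordOps log (www-data).
first_blocked() (
    dir=$1 uid=${2:-33} gid=${3:-33}
    path=$(cd "$dir" 2>/dev/null && pwd -P) || exit 2
    set -f; IFS=/
    set -- $path                            # split the path on "/"
    IFS=' '
    cur=
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        st=$(stat -c '%a %u %g' "$cur") || exit 2
        mode=${st%% *}; rest=${st#* }
        if ! can_search "$mode" "${rest% *}" "${rest#* }" "$uid" "$gid"; then
            printf '%s\n' "$cur"
            exit 1
        fi
    done
    exit 0
)

# CLI use: sh check.sh /var/www/html/.well-known/acme-challenge 33 33
if [ "$#" -ge 1 ]; then first_blocked "$@"; fi
```

The `Perm:488` in the WordOps debug line is the decimal form of octal 750, the same mode the `chmod` above sets.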
