Timeout during connect (likely firewall problem)

Hello,

I've been trying to generate certificates for my school project but with no luck.
I've followed a tutorial on DigitalOcean and have used a combination of WSGI, gunicorn and Flask.
I'm sure ports 80 and 443 are open (see below).

Status: active

To                         Action      From
--                         ------      ----
Nginx HTTP                 ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
Nginx HTTP (v6)            ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

My domain is:
definitelynotfakepills.club

I ran this command:
sudo certbot --nginx

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?


1: definitelynotfakepills.club
2: www.definitelynotfakepills.club


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for definitelynotfakepills.club and www.definitelynotfakepills.club

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: definitelynotfakepills.club
Type: connection
Detail: During secondary validation: Fetching http://definitelynotfakepills.club/.well-known/acme-challenge/gSkIfztZFit0ZyCsfEbNT4M7TUAvCXr6w7OTBlCygEA: Timeout during connect (likely firewall problem)

Domain: www.definitelynotfakepills.club
Type: connection
Detail: During secondary validation: Fetching http://www.definitelynotfakepills.club/.well-known/acme-challenge/ElY3T9x33sN74O1QKY1CNZqYvWJCsJHTWDwUr4L6-KQ: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
I don't think I can go into root but I do have sudo

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.16.0

Thanks in advance.

1 Like

Hi @darthtater,

Perhaps you also have set a policy in your DigitalOcean account to confirm that DigitalOcean should allow inbound connections on port 80?

The firewall policy you posted is from your own server, but there could also be a firewall in DigitalOcean's network (before connections even reach you) that needs to be configured as well.

This reminds me somehow of

http://www.shadyurl.com/create.php

as well as

https://verylegit.link/

2 Likes

Hello @schoen,

I've only followed a tutorial on DigitalOcean. I've purchased my domain name from namecheap.com and I don't see any options for inbound connections...

As for what my site looks like, it's still in the very early stages due to the certificate generation delay... :laughing: But yes, it looks pretty sketchy if I do say so myself.

1 Like

If you're hosted with DigitalOcean, you should also have access to a DigitalOcean control panel. I would check there to see if there are any settings that allow or block inbound connections.

3 Likes
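An added example, not part of the original thread: a small Python probe that tells apart the connect outcomes behind messages like "Timeout during connect". It assumes you run it from a machine outside the server's network, since a probe from the server itself never crosses a provider-level firewall; the function names and the `probe.py` file name are made up for this illustration.

```python
import errno
import socket
import sys

# What each outcome means when seen from OUTSIDE the server, as a CA validator sees it.
MEANING = {
    "open": "reachable from this vantage point",
    "timeout": "no reply at all: packets dropped by a firewall on or in front of the host",
    "refused": "host answered with a reset: nothing listening, or a REJECT rule",
    "unreachable": "no route to the host from here",
    "dns": "name did not resolve",
    "error": "other socket error",
}

def classify_connect(host, port, timeout=5.0):
    """Try one TCP connect and return a key of MEANING."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except socket.gaierror:
        return "dns"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"

def report(host, ports=(80, 443), timeout=5.0):
    """Probe each port and return {port: (outcome, meaning)}."""
    results = {}
    for port in ports:
        outcome = classify_connect(host, port, timeout)
        results[port] = (outcome, MEANING[outcome])
    return results

if __name__ == "__main__":
    # Usage: python probe.py <your-domain>   (run from a machine outside the host's network)
    for port, (outcome, meaning) in report(sys.argv[1]).items():
        print(f"{port}/tcp: {outcome} ({meaning})")
```

A "timeout" on port 80 while the host firewall shows the port as allowed points at filtering somewhere before the server; "refused" would instead mean the packets arrived and no web server was listening.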
