Timeout during connect (likely firewall problem)

My domain is: wikihoster.de

I ran this command: certbot renew

It produced this output:

My web server is (include version): Apache/2.4.38 (Debian)

The operating system my web server runs on is (include version): Debian GNU/Linux 10 (buster)

My hosting provider, if applicable, is: IN-Berlin (privately maintained though)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Did not touch this server in a while thus wondering that the issue could be.

It looks like connections to your domains using IPv6 are not working. When you have an AAAA record in your DNS the Let's Encrypt server will use that IPv6 address for http challenge requests. Your DNS looks like:

nslookup  da.wikihoster.de
A    Address: 217.197.83.171
AAAA Address: 2001:67c:1400:2180::1

Your error message is not what I would expect for this error. But, perhaps that is because your version is fairly old. Using the Let's Debug test site shows a clearer message (as would a more recent version of certbot)

You need to correct your IPv6 comms or remove the AAAA record if it is not correct.

7 Likes

Thanks a lot for your insight!

Hmm, it appears that the IP address which was active during the past 7 years has gone belly up two or three days ago. I will check with IN-Berlin to see what is going on. I will come back with the outcome.

PS I was not aware of my version of certbot being that old. I just use what the OS ships. Anyhow, it was good to learn that there is a tool allowing to check. :slight_smile:

6 Likes

It turns out that the default gateway for IPv6 was missing in the "interfaces" file at (/etc/network/). After fixing the entry in the file it works again.

What still remains a complete mystery is that the error was introduced to the file in September 2021 during some maintenance work and the resulting issue only started to appear in July 2022.

4 Likes

hmm...
That's long enough to make a baby!
[or grow a really nice beard]

3 Likes