Timeout during connect (likely firewall problem)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: multimedia-share.freeboxos.fr

I ran this command:
certbot certonly --standalone
certbot certonly --webroot

It produced this output:

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: multimedia-share.freeboxos.fr
Type: connection
Detail: 88.163.226.68: Fetching http://multimedia-share.freeboxos.fr/.well-known/acme-challenge/IZ7u-0fzm23uzNYQ3BvP_5JqlcxxRKvm6dIP9LO2BFE: Timeout during connect (likely firewall problem)

My web server is (include version): apache with xampp

The operating system my web server runs on is (include version): Windows 10 Home 22H2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.2.0

Hello,

I am contacting you because I am getting the error above and cannot resolve it. When the apache server is started with xampp, I can access my site over http and https (not secure).
I have opened ports 80 and 443 in the Windows firewall.
Even with win-acme, I get the same error.

Please help me

Hello @Stan, welcome to the Let's Encrypt community. :slightly_smiling_face:

You are using the HTTP-01 challenge of the Challenge Types - Let's Encrypt, which requires Port 80 to be Open. Best Practice - Keep Port 80 Open

Currently you have no Open Ports

$ nmap -Pn multimedia-share.freeboxos.fr
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-22 19:48 UTC
Stats: 0:01:43 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 50.50% done; ETC: 19:52 (0:01:40 remaining)
Nmap scan report for multimedia-share.freeboxos.fr (88.163.226.68)
Host is up.
Other addresses for multimedia-share.freeboxos.fr (not scanned): 2a01:e0a:8f8:9110::1
rDNS record for 88.163.226.68: tss37-3_migr-88-163-226-68.fbx.proxad.net
All 1000 scanned ports on multimedia-share.freeboxos.fr (88.163.226.68) are filtered

Nmap done: 1 IP address (1 host up) scanned in 202.52 seconds

Hey @Bruce5051

My bad, my server was off, but now that it's turned on, the port is still closed even though I defined the rule in the firewall.

How do I open the port? What are the steps to follow?

Hello @Stan,

There is also a French-language help section
link here: Aide (en français) - Let's Encrypt Community Support

That depends.
Where is it hosted?
Is it behind a firewall?
Is there a NAT router?

No answer, leaves us to make guesses.
I guess... You are hosting this via your home ISP and you haven't port forwarded the NAT router.

Hi @Stan,

Presently I am seeing this (no ports open)

$ nmap -Pn multimedia-share.freeboxos.fr
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-22 20:35 UTC
Nmap scan report for multimedia-share.freeboxos.fr (88.163.226.68)
Host is up (0.016s latency).
Other addresses for multimedia-share.freeboxos.fr (not scanned): 2a01:e0a:8f8:9110::1
rDNS record for 88.163.226.68: tss37-3_migr-88-163-226-68.fbx.proxad.net
All 1000 scanned ports on multimedia-share.freeboxos.fr (88.163.226.68) are filtered

Nmap done: 1 IP address (1 host up) scanned in 22.01 seconds

@rg305

My apache server is on a PC at home; I don't use a host.
The rule is well activated in the firewall with all the authorizations.
I redirect all incoming traffic to my PC with the DMZ of my freebox.

What has changed on your side since you were issued this Certificate crt.sh | 8909088047?

Are there any logs in the apache server of incoming connections?

@Bruce5051 I have not received any certificate
@rg305 yes, I have access logs. What should I do before sending you the logs? Test the port 80 with the site you get signal, for example?

If the Internet can reach your apache, then we should be able to get you a cert.
Sadly, we see no connection:

curl -Ii6 multimedia-share.freeboxos.fr
curl: (56) Recv failure: Connection reset by peer

curl -Ii4 multimedia-share.freeboxos.fr
curl: (56) Recv failure: Connection reset by peer

I just tried with my mobile data and it doesn't work, my site only works locally. This must be due to the configuration of my freebox.
Do you know how to set it up?

does not mean the opposite of

I see no connectivity to the domain name with IPv4 or IPv6.
Via IPv4 nmap -4 -Pn

>nmap -4 -Pn multimedia-share.freeboxos.fr
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-22 21:06 UTC
Nmap scan report for multimedia-share.freeboxos.fr (88.163.226.68)
Host is up.
Other addresses for multimedia-share.freeboxos.fr (not scanned): 2a01:e0a:8f8:9110::1
rDNS record for 88.163.226.68: tss37-3_migr-88-163-226-68.fbx.proxad.net
All 1000 scanned ports on multimedia-share.freeboxos.fr (88.163.226.68) are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)

Nmap done: 1 IP address (1 host up) scanned in 411.52 seconds

And via IPv6 nmap -6 -Pn

nmap -6 -Pn multimedia-share.freeboxos.fr
Starting Nmap 7.93 ( https://nmap.org ) at 2023-03-22 21:06 UTC
Nmap scan report for multimedia-share.freeboxos.fr (2a01:e0a:8f8:9110::1)
Host is up.
Other addresses for multimedia-share.freeboxos.fr (not scanned): 88.163.226.68
All 1000 scanned ports on multimedia-share.freeboxos.fr (2a01:e0a:8f8:9110::1) are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)

Nmap done: 1 IP address (1 host up) scanned in 412.08 seconds

I do not; I suggest checking their forums.

Now you see the problem.
Now you can make progress to fix it.

If I give a domain name with a port number, can it work?

With this link: multimedia-share.freeboxos.fr:20000

Certbot doesn't work with a port number

Sorry, No.

Does your ISP allow you to host websites over port 80? Some don't.

Either way, when the http (TCP port 80) request reaches your home IP address it goes through your router, which then has to forward the external TCP port 80 request (http) to your machine (on whatever port your web server is running its http service on). Once that works your website will work as http and you can then use http validation for your certificate request.

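A pre-flight check for the HTTP-01 reachability that the replies above diagnose with nmap and curl, as an added example that is not part of the original thread: it fetches a test file under /.well-known/acme-challenge/ the way a validator would and classifies the failure. The function names, the test token and the loopback webroot are constructed for illustration; the probe only tells you something useful when run from outside your own network against the public name.

```python
import functools
import http.client
import http.server
import pathlib
import socket
import tempfile
import threading

CHALLENGE_DIR = ".well-known/acme-challenge"

def probe_http01(host, token, expected, port=80, timeout=5.0):
    """Fetch the challenge URL and classify the outcome as a short string."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", f"/{CHALLENGE_DIR}/{token}")
        resp = conn.getresponse()
        body = resp.read().strip()
        if resp.status != 200:
            return f"http-{resp.status}"  # port reachable, webroot or rewrite wrong
        return "served" if body == expected else "mismatch"
    except socket.gaierror:
        return "dns"        # name does not resolve
    except (socket.timeout, TimeoutError):
        return "timeout"    # packets dropped: what nmap reports as "filtered"
    except ConnectionRefusedError:
        return "refused"    # host reached, nothing listening on the port
    except ConnectionResetError:
        return "reset"      # torn down mid-connection, as in the curl output
    except OSError:
        return "error"      # any other network failure (e.g. no route)
    finally:
        conn.close()

def serve_test_webroot(token, content):
    """Constructed loopback webroot with one test token; returns (server, port)."""
    root = pathlib.Path(tempfile.mkdtemp())
    (root / CHALLENGE_DIR).mkdir(parents=True)
    (root / CHALLENGE_DIR / token).write_bytes(content)
    handler = functools.partial(
        http.server.SimpleHTTPRequestHandler, directory=str(root))
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]
```

A "timeout" result points at the router forward, the ISP or a firewall in front of the web server, while "http-404" means the port is reachable and only the webroot path needs fixing.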
Thanks for all your information, I will try to configure a DNS on my box. I think that's what I need
