Timeout during connect (likely firewall problem)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
chitatel.by uchitel.by
I tried to get certificates for both the first and the second domain.

I ran this command:
certbot -i nginx -v --authenticator manual
Afterwards I tried the commands:
certbot certonly --webroot -w /var/www/letsencrypt -d uchitel.by -d www.uchitel.by
and: certbot --nginx

It produced this output:

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: chitatel.by
Type: connection
Detail: During secondary validation: 178.163.229.75: Fetching http://chitatel.by/.well-known/acme-challenge/Z_JQdBm1EzpaM8CZ0bdRRuN61XMLGJhMlxboD9Q8mmI: Timeout during connect (likely firewall problem)

My web server is (include version):
nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
22.04.5 LTS (Jammy Jellyfish)

My hosting provider, if applicable, is:
A1 Digital Services FLLC

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

I checked that my site responds to requests for the URI .well-known/acme-challenge and got 200.

The last time, I got these nginx logs:
23.178.112.100 - - [30/Jan/2025:15:32:20 +0000] "GET /.well-known/acme-challenge/KNDT6Vvw8XeKp6V20mBIBMUOI9UGaKvYdTkVej2BZuM HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
23.178.112.105 - - [30/Jan/2025:15:32:20 +0000] "GET /.well-known/acme-challenge/Z_JQdBm1EzpaM8CZ0bdRRuN61XMLGJhMlxboD9Q8mmI HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
54.255.240.216 - - [30/Jan/2025:15:32:22 +0000] "GET /.well-known/acme-challenge/KNDT6Vvw8XeKp6V20mBIBMUOI9UGaKvYdTkVej2BZuM HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
54.255.240.216 - - [30/Jan/2025:15:32:22 +0000] "GET /.well-known/acme-challenge/Z_JQdBm1EzpaM8CZ0bdRRuN61XMLGJhMlxboD9Q8mmI HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

But despite this, certbot gives an error:

Press Enter to Continue
Waiting for verification...
Challenge failed for domain chitatel.by
Challenge failed for domain www.chitatel.by
http-01 challenge for chitatel.by
http-01 challenge for www.chitatel.by

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: chitatel.by
Type: connection
Detail: During secondary validation: 178.163.229.75: Fetching http://chitatel.by/.well-known/acme-challenge/Z_JQdBm1EzpaM8CZ0bdRRuN61XMLGJhMlxboD9Q8mmI: Timeout during connect (likely firewall problem)

Domain: www.chitatel.by
Type: connection
Detail: During secondary validation: 178.163.229.75: Fetching http://www.chitatel.by/.well-known/acme-challenge/KNDT6Vvw8XeKp6V20mBIBMUOI9UGaKvYdTkVej2BZuM: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the manually created challenge files. Ensure that you created these in the correct location.

Cleaning up challenges
Some challenges have failed.

Hello @Esserg, welcome to the Let's Encrypt community. :slightly_smiling_face:

You are using the HTTP-01 challenge which states "The HTTP-01 challenge can only be done on port 80."

There seems to be Geo Blocking, shown here (Permanent link to this check report) and here (Permanent link to this check report).

Please read these:

Edit

And using the online tool Let's Debug yields these results https://letsdebug.net/chitatel.by/2350920 and https://letsdebug.net/uchitel.by/2350921

2 Likes
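
An added example (not part of either post, and not Certbot or Let's Encrypt code): the access-log lines quoted in the question, grouped by challenge token to show which source addresses actually reached nginx. `EXPECTED_SOURCES` and the function names are assumptions made for illustration; set the constant to the number of validation vantage points the CA uses.

```python
import re
from collections import defaultdict

# Assumption: number of distinct validation sources expected per token.
# Counting distinct IPs is a heuristic; one vantage point may use several IPs.
EXPECTED_SOURCES = 3

# Sample input: the four access-log lines quoted in the first post.
SAMPLE_LOG = """\
23.178.112.100 - - [30/Jan/2025:15:32:20 +0000] "GET /.well-known/acme-challenge/KNDT6Vvw8XeKp6V20mBIBMUOI9UGaKvYdTkVej2BZuM HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
23.178.112.105 - - [30/Jan/2025:15:32:20 +0000] "GET /.well-known/acme-challenge/Z_JQdBm1EzpaM8CZ0bdRRuN61XMLGJhMlxboD9Q8mmI HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
54.255.240.216 - - [30/Jan/2025:15:32:22 +0000] "GET /.well-known/acme-challenge/KNDT6Vvw8XeKp6V20mBIBMUOI9UGaKvYdTkVej2BZuM HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
54.255.240.216 - - [30/Jan/2025:15:32:22 +0000] "GET /.well-known/acme-challenge/Z_JQdBm1EzpaM8CZ0bdRRuN61XMLGJhMlxboD9Q8mmI HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
"""

# nginx "combined" log format, restricted to ACME HTTP-01 challenge requests.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"GET /\.well-known/acme-challenge/(?P<token>[A-Za-z0-9_-]+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def validators_per_token(log_text):
    """Map each challenge token to the source IPs that fetched it with a 200."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["status"] == "200" and "Let's Encrypt validation server" in m["ua"]:
            seen[m["token"]].add(m["ip"])
    return dict(seen)


def tokens_missing_perspectives(log_text, expected_sources=EXPECTED_SOURCES):
    """Return {token: shortfall} for tokens seen from too few distinct sources."""
    return {
        token: expected_sources - len(ips)
        for token, ips in validators_per_token(log_text).items()
        if len(ips) < expected_sources
    }


if __name__ == "__main__":
    for token, ips in validators_per_token(SAMPLE_LOG).items():
        print(token, sorted(ips))
    print("short of expected sources:", tokens_missing_perspectives(SAMPLE_LOG))
```

A token that the log shows as fetched with a 200 from some addresses, while the CA still reports a connect timeout, means requests from other networks were dropped before they reached nginx. That is consistent with the geo-blocking diagnosis in the reply.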