Timeout during connect (likely firewall problem)


#1

Good day.

I have a problem:

https://acme-v02.api.letsencrypt.org/acme/challenge/d3TMQEyrtiAVzMZvfluSDD95YBrqWvCd1h75xdhwzQE/11064888214

but if you follow the link
http://ch.devboss.org/.well-known/acme-challenge/7crui8FUyI2t07uaYfITMjcMeBks560BVesWGnc1NHc

then all is well

And so with all my domains:
dashboard.affiliate.devboss.org, ch.devboss.org, storage.1xchamp.devboss.org, storage.champion.devboss.org, backend.affiliate.devboss.org, backend.champion.devboss.org, dashboard.champion.devboss.org, champion.devboss.org, storage.aff-jp-casino.devboss.org, backend.1xchamp.devboss.org, dashboard.1xchamp.devboss.org, 1xchamp.devboss.org, storage.affiliate.devboss.org, backend.aff-jp-casino.devboss.org, affiliate.devboss.org, aff-jp-casino.devboss.org, dashboard.aff-jp-casino.devboss.org

This happens with one, then with another. But not at the same time.
What to do?


#2

Here is another domain:

Verifying 1xchamp.devboss.org...
1xchamp.devboss.org verified!
Verifying aff-jp-casino.devboss.org...
aff-jp-casino.devboss.org verified!
Verifying affiliate.devboss.org...
affiliate.devboss.org verified!
Verifying ch.devboss.org...
ch.devboss.org verified!
Verifying dashboard.1xchamp.devboss.org...
dashboard.1xchamp.devboss.org verified!
Verifying dashboard.aff-jp-casino.devboss.org...

ValueError: Challenge did not pass for dashboard.aff-jp-casino.devboss.org: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord': [{u'url': u'http://dashboard.aff-jp-casino.devboss.org/.well-known/acme-challenge/5xyDqgwYegTFuKjKTUvg8P5BpFHN_ge6P4o__rkKIjY', u'hostname': u'dashboard.aff-jp-casino.devboss.org', u'addressUsed': u'88.198.144.155', u'port': u'80', u'addressesResolved': [u'88.198.144.155']}], u'url': u'https://acme-v02.api.letsencrypt.org/acme/challenge/ZS5NrmnVzUx9w4LHeDCtnjAM2-PkL5Gg3yXSyMObVnA/11064888228', u'token': u'5xyDqgwYegTFuKjKTUvg8P5BpFHN_ge6P4o__rkKIjY', u'error': {u'status': 400, u'type': u'urn:ietf:params:acme:error:connection', u'detail': u'Fetching http://dashboard.aff-jp-casino.devboss.org/.well-known/acme-challenge/5xyDqgwYegTFuKjKTUvg8P5BpFHN_ge6P4o__rkKIjY: Timeout during connect (likely firewall problem)'}, u'type': u'http-01'}, {u'status': u'invalid', u'url': u'https://acme-v02.api.letsencrypt.org/acme/challenge/ZS5NrmnVzUx9w4LHeDCtnjAM2-PkL5Gg3yXSyMObVnA/11064888229', u'token': u'924GhEx7PtLlh6LLVaAbg66oltoBWTHHWAX_lmnLB0Q', u'type': u'dns-01'}, {u'status': u'invalid', u'url': u'https://acme-v02.api.letsencrypt.org/acme/challenge/ZS5NrmnVzUx9w4LHeDCtnjAM2-PkL5Gg3yXSyMObVnA/11064888230', u'token': u'GLFZ3RZ49wgUINDPqBEV4G90fXBsxY_Fr3l7AjOYYZc', u'type': u'tls-alpn-01'}], u'identifier': {u'type': u'dns', u'value': u'dashboard.aff-jp-casino.devboss.org'}, u'expires': u'2019-01-11T11:59:29Z'}
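
Triage for the error in post #2, as an added example that is not part of the thread or of the poster's script: it reads an ACME authorization object and reports, per failed challenge, whether the CA failed at network level (firewall, rate limiting or DDoS protection are the things to check) or reached the server and got a wrong response. The sample is constructed from the fields quoted above and rewritten as JSON; `triage` and `NETWORK_ERRORS` are names chosen here.

```python
import json

# Constructed sample: the authorization object from post #2, trimmed to the
# fields used here, rewritten as JSON, with the error detail shortened.
SAMPLE_AUTHZ = json.loads("""
{"status": "invalid",
 "identifier": {"type": "dns", "value": "dashboard.aff-jp-casino.devboss.org"},
 "challenges": [
  {"type": "http-01", "status": "invalid",
   "validationRecord": [{"hostname": "dashboard.aff-jp-casino.devboss.org",
                         "addressUsed": "88.198.144.155", "port": "80"}],
   "error": {"status": 400, "type": "urn:ietf:params:acme:error:connection",
             "detail": "Timeout during connect (likely firewall problem)"}},
  {"type": "dns-01", "status": "invalid"},
  {"type": "tls-alpn-01", "status": "invalid"}]}
""")

ACME_ERR = "urn:ietf:params:acme:error:"
# RFC 8555 error types where the CA failed before it could compare any
# challenge content: it could not connect, resolve the name, or complete TLS.
NETWORK_ERRORS = {"connection", "dns", "tls"}

def triage(authz):
    """Return one finding per challenge that carries an error object."""
    findings = []
    for ch in authz.get("challenges", []):
        err = ch.get("error")
        if not err:
            continue  # challenges that were never attempted carry no error
        kind = err.get("type", "")
        if kind.startswith(ACME_ERR):
            kind = kind[len(ACME_ERR):]
        records = ch.get("validationRecord", [])
        findings.append({
            "domain": authz["identifier"]["value"],
            "challenge": ch["type"],
            "error": kind,
            "network_level": kind in NETWORK_ERRORS,
            "addresses_tried": [r.get("addressUsed") for r in records],
            "detail": err.get("detail", ""),
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_AUTHZ):
        print(finding)
```

A finding with `network_level` set to true and the expected address in `addresses_tried` means DNS was correct and the connection to that address was the part that failed.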


#3

Hi @ponyol

I see, you have some of your domains checked via https://check-your-website.server-daten.de/?q=champion.devboss.org - that looks ok, an HTTP status 404 is expected.

Which tool do you use to create the certificate? Does this mean, that the challenge of this domain was confirmed, there

https://acme-v02.api.letsencrypt.org/acme/challenge/d3TMQEyrtiAVzMZvfluSDD95YBrqWvCd1h75xdhwzQE/11064888214

not? So this

would be the result.

Looks like a spam filter / DDoS protection or something else that blocks requests. Sometimes this domain, sometimes another domain.


#4

I use it

Until January 1, everything worked. The server configuration has not changed. There were no filters and there are none now.

All domains are on one server. And they randomly give an error.


#5

Checking your domain with

https://www.uptrends.com/tools/uptime

from different IP addresses, it’s completely red (the HTTP status 400). But there is no timeout.

  • sometimes your server has a timeout if there are too many requests or
  • your hoster has a DDoS / spam detection

It is possible that you create one certificate per domain. Then Let's Encrypt caches the confirmed challenges (30 days). So you can create one certificate with all domain names without a new challenge.

Or you add something like a “sleep” to this script. So between two challenge confirmations the script waits 30 seconds.


#6

Probably not the cause, but also worth looking at are the available system resources (i.e. memory and CPU).


#7

The timeout in the script helped.
Thanks for the answers.