Timeout during connect (likely firewall problem)


Currently I have a very strange problem on one VPS with creating new certs. I already created certs on many VPS with similar configuration but on this specific one I have a problem.

As of my understanding using certbot with standalone should start an own webserver and then make a file avaliable under /.well-known/… to be able to issue the certificate.

So here is whats weird for me currently: I am using certbot with standalone method but when the challenge is made it says that there is a timeout during connect. Though I can see that the traffic hits the VPS on port 80 ( I checked with tcpdump) and I see that python opened port 80 by checking netstat while certbot is running. I´m using certbot 0.28 on Debian 9 and the VPS is configured similar like other VPS I used to obtain certificates for (ansible managed from scratch). No firewall is filtering anything on port 80, it is totally open.

Standalone should start an own webserver which is absolutely working and the requests are definetly coming to the server, though they are timing out. What can be the problem here or is my understanding of the standalone method wrong in some way? I tried to remove certbot and reinstall it already and also tried certbot-auto, same result.

Thanks in advance!

Hi @tsch157

please answer the following questions. That’s the standard template of #help

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like


Just after I wrote my message I was grasping at straws and tried unloading / loading csf firewall, now it works. It was really a firewall issue. The funny thing is that a nginx with a website is running on that server and its working with http/https without a problem from external as well, thats why I never considered the firewall to be evil. Maybe someone else already tried certbot on the server while the firewall was blocking connections from outside which caused letsencrypt to end up on a blacklist, thats my only explanation.

Sorry for wasting your time but thanks for your fast reply! I could finally help myself.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.