Timeout during connect (likely firewall problem)

Tomas · June 6, 2019, 2:10pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail2.acedesmail.cz

I ran this command: sudo /usr/local/bin/certbot-auto --apache

It produced this output:
Domain: mail2.acedesmail.cz
Type: connection
Detail: Fetching
http://mail2.acedesmail.cz/.well-known/acme-challenge/ERzD8r4Ql3s40wC2BacJ9RCXdUFsiBwjWTgVMXB8dhM:
Timeout during connect (likely firewall problem)

My web server is (include version): Apache/2.4.10 (Debian)

The operating system my web server runs on is (include version): Debian 8.11 Jessie

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes, I can

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.35.0

I have opened the ports 80,443. I am able to visit my webpages and if I look on the counter of incoming packages on ports 80 that it´s growing.

If I use https://letsdebug.net/ it show me the same error like certbot

Thank you for help

JuergenAuer · June 6, 2019, 2:19pm

Hi @Tomas

there are some checks of your domain - https://check-your-website.server-daten.de/?q=mail2.acedesmail.cz

Your domain is invisible:

Domainname	Http-Status	Sec.	G
• http://mail2.acedesmail.cz/
81.19.10.131	-14	10.030	T
Timeout - The operation has timed out

• https://mail2.acedesmail.cz/
81.19.10.131	-14	10.027	T
Timeout - The operation has timed out

• http://mail2.acedesmail.cz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
81.19.10.131	-14	10.024	T
Timeout - The operation has timed out
Visible Content:

So this

may work only internal.

If you want to use http-01 validation, your server must answer.

Tomas · June 13, 2019, 2:07pm

Hello Juergen,

Thank you for reply and I apologize for the late response. Could you please explain me what is mean that server have to response and is invisible (can be caused by wrong DNS records?)?
If I use any browser (in some different places, different ISP) I am able to show the webpages, the server reply on the ping.

I am sorry for this stupid questions

Thank you
Tomas

mnordhoff · June 13, 2019, 2:23pm

Not for me.

$ ping mail2.acedesmail.cz
PING mail2.acedesmail.cz (81.19.10.131) 56(84) bytes of data.
^C
--- mail2.acedesmail.cz ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1998ms

Could there be a firewall blocking foreign countries? Or routing issues with the ISP?

JuergenAuer · June 13, 2019, 2:26pm

Use the online tool - there you see a timeout.

Same with my browser.

Tomas · June 13, 2019, 6:48pm

Thank you, I try it only from CZ not from foreign country. I’ll check if the Debian has some default block rules like this.

Our ISP haven’t any block rules.

system · July 13, 2019, 6:48pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.