Timeout during connect (likely firewall problem)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail2.acedesmail.cz

I ran this command: sudo /usr/local/bin/certbot-auto --apache

It produced this output:
Domain: mail2.acedesmail.cz
Type: connection
Detail: Fetching
http://mail2.acedesmail.cz/.well-known/acme-challenge/ERzD8r4Ql3s40wC2BacJ9RCXdUFsiBwjWTgVMXB8dhM:
Timeout during connect (likely firewall problem)

My web server is (include version): Apache/2.4.10 (Debian)

The operating system my web server runs on is (include version): Debian 8.11 Jessie

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes, I can

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.35.0

I have opened ports 80 and 443. I am able to visit my web pages, and if I look at the counter of incoming packets on port 80, it is growing.

If I use https://letsdebug.net/, it shows me the same error as certbot.

Thank you for your help.

Hi @Tomas

there are some checks of your domain - https://check-your-website.server-daten.de/?q=mail2.acedesmail.cz

Your domain is invisible:

Domainname Http-Status redirect Sec. G
http://mail2.acedesmail.cz/
81.19.10.131 -14 10.030 T
Timeout - The operation has timed out
https://mail2.acedesmail.cz/
81.19.10.131 -14 10.027 T
Timeout - The operation has timed out
http://mail2.acedesmail.cz/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
81.19.10.131 -14 10.024 T
Timeout - The operation has timed out
Visible Content:

So this

may work only internal.

If you want to use http-01 validation, your server must answer.

1 Like

Hello Juergen,

Thank you for the reply, and I apologize for the late response. Could you please explain to me what it means that the server has to respond and is invisible (can it be caused by wrong DNS records?)?
If I use any browser (in some different places, different ISPs), I am able to show the web pages, and the server replies to ping.

I am sorry for these stupid questions :frowning:

Thank you
Tomas

1 Like

Not for me.

$ ping mail2.acedesmail.cz
PING mail2.acedesmail.cz (81.19.10.131) 56(84) bytes of data.
^C
--- mail2.acedesmail.cz ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1998ms

Could there be a firewall blocking foreign countries? Or routing issues with the ISP?

2 Likes

Use the online tool - there you see a timeout.

Same with my browser.

Thank you, I tried it only from CZ, not from a foreign country. I’ll check if Debian has some default block rules like this.

Our ISP doesn’t have any block rules.
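
An added example (not from any poster in this thread and not Certbot's own code): a Python preflight that separates the outcomes this thread turns on, a connect timeout (packets silently dropped by a firewall or lost in routing), a refused connection, and an actual HTTP answer. The function name and the challenge token are assumptions made for illustration; run it from a host outside your own network and country, because the validation request arrives from outside.

```python
import socket
import sys
import urllib.error
import urllib.request

# Constructed placeholder token; a real one is issued per validation attempt.
CHALLENGE_PATH = "/.well-known/acme-challenge/constructed-test-token"


def classify_http01(host, port=80, timeout=10.0):
    """Hypothetical helper: return (verdict, detail) for an http-01 style fetch."""
    # Step 1: plain TCP connect, so a silent drop is told apart from a reset.
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except socket.gaierror as exc:
        return ("dns", str(exc))
    except socket.timeout:
        return ("timeout", "no answer to SYN: dropped by a firewall or lost in routing")
    except ConnectionRefusedError:
        return ("refused", "host answers, but the port is closed or actively rejected")
    except OSError as exc:
        return ("unreachable", str(exc))
    # Step 2: the port answers; fetch the challenge path directly (no proxy).
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    url = "http://%s:%d%s" % (host, port, CHALLENGE_PATH)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return ("http", resp.status)
    except urllib.error.HTTPError as exc:
        # Any HTTP status, even 404, proves the server is reachable on port 80.
        return ("http", exc.code)
    except (urllib.error.URLError, OSError) as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    # Usage: python3 check_http01.py <hostname>
    print(classify_http01(sys.argv[1]))
```

A "timeout" verdict from an outside host combined with an "http" verdict from inside the network points at source-based filtering or routing rather than at Apache or DNS.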