Timeout during connect (likely firewall problem)

Help
#1

We have problems with challenge. LE cant reach one specific IP 185.31.240.175 (domain c24.ee).
mtr --address 185.31.240.175 66.133.109.36
Host Loss% Last Avg Best Wrst StDev
1. 172.31.254.1 0.0% 0.3 0.2 0.2 0.3 0.0
2. 85.234.244.82 0.0% 0.2 0.1 0.1 0.2 0.0
3. 85.234.244.40 0.0% 0.4 0.2 0.1 0.4 0.1
4. r7-eth-3-3-0-TLL-VS.ee.zonedata.net 0.0% 0.2 0.3 0.2 0.4 0.0
5. r3-eth-3-1-0-TLL-TIX.ee.zonedata.net 0.0% 0.2 0.3 0.2 1.3 0.3
6. r1-eth-3-1-0-TLL-Linx.ee.zonedata.net 0.0% 7.2 2.9 0.3 9.8 3.5
7. 194.204.1.145 0.0% 0.3 4.8 0.3 40.4 11.8
8. 213.192.184.221 0.0% 0.5 0.5 0.4 0.7 0.1
9. 213.192.184.74 0.0% 8.9 7.6 7.5 8.9 0.4
10. et-0-0-13.edge1.Stockholm1.Level3.net 0.0% 7.6 8.6 7.5 15.5 2.2
11. 4.69.137.41 0.0% 170.9 171.0 170.9 171.0 0.0
12. ???
Another IP from same subnet:
mtr --address 185.31.240.43 66.133.109.36
Host Loss% Last Avg Best Wrst StDev
1. 172.31.254.1 0.0% 0.2 0.2 0.1 0.2 0.0
2. 85.234.244.82 0.0% 0.2 0.2 0.2 0.2 0.0
3. 85.234.244.40 0.0% 0.1 0.1 0.1 0.2 0.0
4. r7-eth-3-3-0-TLL-VS.ee.zonedata.net 0.0% 0.3 0.3 0.3 0.5 0.1
5. r3-eth-3-1-0-TLL-TIX.ee.zonedata.net 0.0% 0.2 0.2 0.2 0.2 0.0
6. r1-eth-3-1-0-TLL-Linx.ee.zonedata.net 0.0% 0.3 1.5 0.3 3.7 1.6
7. 194.204.1.145 0.0% 0.3 0.3 0.3 0.4 0.0
8. 213.192.184.221 0.0% 1.9 1.4 0.4 3.0 1.0
9. 213.192.184.74 0.0% 11.1 9.4 7.5 12.6 2.3
10. et-0-0-13.edge1.Stockholm1.Level3.net 0.0% 7.6 10.2 7.5 20.7 5.9
11. 4.69.137.41 0.0% 171.4 171.3 171.2 171.4 0.1
12. VIAWEST-INT.bar2.SaltLakeCity1.Level3. 0.0% 175.1 175.0 174.9 175.1 0.1
13. be21.bbrt02.slc04.viawest.net 0.0% 174.8 174.9 174.8 175.0 0.1
14. be151.crrt01.slc07.viawest.net 0.0% 170.8 170.8 170.7 171.1 0.2
15. vl62.aggm01.slc07.viawest.net 0.0% 170.4 170.5 170.4 170.6 0.1
16. outbound1.letsencrypt.org 0.0% 170.7 170.7 170.7 170.8 0.1

Is this IP 185.31.240.175 blocked?

#2

Hi @Silver

please share the complete command and output.

Checking the domain there is a (wrong looking) redirect to another domain ( https://check-your-website.server-daten.de/?q=c24.ee ):

Domainname Http-Status redirect Sec. G
http://c24.ee/
185.31.240.175 301 https://credit24.ee/ 0.197 E
http://www.c24.ee/
185.31.240.175 301 https://credit24.ee/ 0.167 E
https://c24.ee/
185.31.240.175 301 https://credit24.ee/ 0.597 N
Certificate error: RemoteCertificateNameMismatch
https://www.c24.ee/
185.31.240.175 301 https://credit24.ee/ 0.564 N
Certificate error: RemoteCertificateNameMismatch
https://credit24.ee/ 200 0.767 I
http://c24.ee/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.31.240.175 200 0.270
Visible Content:
http://www.c24.ee/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.31.240.175 200 0.216
Visible Content:

And /.well-known/acme-challenge/random-filename answers with a http status 200, not the expected status 404 - Not Found.

Last certificate is new:

CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
	2019-06-10 08:52:53
	2019-09-08 08:52:53
	c24.ee, koduraha.ee, www.c24.ee, www.koduraha.ee - 4 entries

but you don't use it, instead, there is a wrong certificate.

CN=*.credit24.ee, O=IPF Digital AS, L=Tallinn, C=EE
	10.08.2018
	15.08.2019
expires in 49 days	*.credit24.ee, credit24.ee - 2 entries

Looks like the wrong vHost is used. Perhaps with an additional redirect to the wrong domain.

#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.