Timeout during connect - Unraid Docker - Ports open

Hello,

got a strange problem, i’ve run LetsEncrypt in a Docker and set it up successfully on another domain with the same configuration as mine (Docker, Unraid, Firewall, same ISP,…) but on my domin everytime after the it performes the challenges it failes and reports a timeout.

Can someone help me please? Also attached my full letsencrypt log at the end.

Regards, Christoph

My domain is: www.minenet.at

It produced this output: Timeout during connect

My web server is (include version): nginx 1.14.2

The operating system my web server runs on is (include version): Unraid, Letsencrypt Docker

My hosting provider, if applicable, is: self hosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.32.0

Letsencrypt.log

Completely my fault i’ve had an old GEO IP block rule on that blocks all traffic from the US.
Now it works!

Hi @ich777

your log says that you have used standalone. So Certbot creates an own running webserver.

But:

2019-04-03 16:32:11,841:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2019-04-03 16:32:11,842:DEBUG:acme.standalone:Certbot wasn’t able to bind to :80 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2019-04-03 16:32:11,903:INFO:certbot.auth_handler:Waiting for verification…

Ipv4 doesn’t work, because the port is blocked. So ipv6 is used.

But: You don’t have a public ipv6 address ( https://check-your-website.server-daten.de/?q=airsonic.minenet.at ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
airsonic.minenet.at A 80.123.85.98 yes 1 0
AAAA yes
www.airsonic.minenet.at A 80.123.85.98 yes 1 0
AAAA yes

So that can’t work.

Try to use your running nginx:

certbot --nginx [other parameters]

If that doesn’t work, switch to webroot.

@JuergenAuer Sorry for that, like in my post above i’ve had an old GEO IP block rule on that blocks all traffic from the US, turned it off and now it works perfectly fine.
The post can be deleted, completely my fault. :disappointed_relieved:

Then it’s curious.

Your log says, that the standalone webserver can only use ipv6.

And Letsencrypt connected your ipv4:

         "url": "http://ts.minenet.at/.well-known/acme-challenge/X1sylmJRREKqbkLDaw43Yka9Eor7aqKe47dGLvHg3Hw",
          "hostname": "ts.minenet.at",
          "port": "80",
          "addressesResolved": [
            "80.123.85.98"
          ],
          "addressUsed": "80.123.85.98"

So there must be an internal redirect ipv4 -> ipv6 if that had worked.

Or you have stopped your running webserver, so the ipv4 : 80 could be used.

I can only stop the “old” webserver and start the “new” webserver because both are docker and they would conflict with the port 80 and port 443, everything is working now fine.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.