Timeout during connect

domod · September 22, 2020, 1:37pm

It's been half a day I'm spending on this issue, I'm a Linux admin since 20 years and for me there is something wrong with Let's Encrypt servers not all reaching my customer web server for a reason I don't know...

My customer domain is: lista-porno.eu

Let's Encrypt module with PLESK

It produced this output:

ERR [extension/letsencrypt] Domain validation failed for lista-porno.eu: Invalid response from https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/116834587.
Details:
Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: Fetching http://lista-porno.eu/.well-known/acme-challenge/BFk924N1I6KjgD2e7O2Sq6V02VB0G9CfjjFaaR9phtM Timeout during connect (likely firewall problem)

My web server is (include version): Apache + Nginx

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): PLESK

Some more details :

Firewall is open to port 80 + 443 (you can check yourself going to http/https with the ACME key).
There is only 1 "A" record for this domain and "www" subdomain, there are no "AAAA" records.

There are 3 requests (successful status 200) coming from lets encrypt validation servers to the my web server (access log below) :

|2020-09-22 12:55:39|Access|52.58.118.98|200|GET /.well-known/acme-challenge/BFk924N1I6KjgD2e7O2Sq6V02VB0G9CfjjFaaR9phtM HTTP/1.1||Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)|87|nginx access|
|2020-09-22 12:55:39|Access|34.211.60.134|200|GET /.well-known/acme-challenge/BFk924N1I6KjgD2e7O2Sq6V02VB0G9CfjjFaaR9phtM HTTP/1.1||Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)|87|nginx access|
|2020-09-22 12:55:40|Access|18.224.20.83|200|GET /.well-known/acme-challenge/BFk924N1I6KjgD2e7O2Sq6V02VB0G9CfjjFaaR9phtM HTTP/1.1||Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)|87|nginx access|

domod · September 22, 2020, 1:40pm

Same issue with Letsdebug

IssueFromLetsEncrypt

ERROR

A test authorization for lista-porno.eu to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.

Fetching http://lista-porno.eu/.well-known/acme-challenge/77cNezDBjxpljh8Zeguln2-5SFaYit1bDHzchXqzpk8 Timeout during connect (likely firewall problem)

THERE IS NO TIMEOUT BRO

domod · September 22, 2020, 1:43pm

I see some issues from Dallas and L.A. datacenters maybe ?

https://check-host.net/check-http?host=http://lista-porno.eu/

JuergenAuer · September 22, 2020, 2:32pm

Hi @domod

I can open that url, same via https://check-your-website.server-daten.de/?q=lista-porno.eu - see your 75 minutes old check.

So if letsdebug / Letsencrypt has a timeout, you may have a regional filter / firewall.

Find that filter and remove it.

Looks like one is missing.

domod · September 22, 2020, 2:47pm

There is no filter, server is freshly installed with PLESK, I'm not even sure that PLESK has any regional/country filter ?

I would be more saying that this last server of let's encrypt has any issues, or maybe the default timeout is too short ? I'll try modifying the timeout.

domod · September 22, 2020, 6:06pm

Not working :

check-availability-delay no success at all

system · October 22, 2020, 6:06pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.