Timeout during connect

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ticket01.thismonitor.net
I ran this command: sudo certbot certonly --webroot -w /var/www/osTicket/upload -d ticket01.thismonitor.net

It produced this output:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: ticket01.thismonitor.net
Type: connection
Detail: 43.251.xxx.xxx: Fetching http://ticket01.thismonitor.net/.well-known/acme-challenge/tFKq-axWe2WrjTFZU82ta3XDCUoEZpFWyCdiGIlagDA: Timeout during connect (likely firewall problem)

My web server is (include version): apache2.4

The operating system my web server runs on is (include version): ubuntu 22.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

The default HTTP domain validation method requires public HTTP access to your sites, so that means TCP port 80 has to be open and http requests have to reach your server. With the webroot method your own web server has to respond with the challenge response file, so that also means it needs to be listening for http on TCP port 80.

If you update your server configuration to allow http requests for your site the validation will probably work as long as the path you are providing is correct.


Alternatively, you can use DNS validation (automatically updating a TXT record in response to the domain validation challenge). You're using AWS, so you should be able to use a plugin like this: Welcome to certbot-dns-route53’s documentation! — certbot-dns-route53 0 documentation


Hi Bro,

TCP 80 is opened

tcping ticket01.thismonitor.net 80

Probing 43.251.65.65:80/tcp - Port is open - time=3.423ms
Probing 43.251.65.65:80/tcp - Port is open - time=1.707ms
Probing 43.251.65.65:80/tcp - Port is open - time=0.854ms
Probing 43.251.65.65:80/tcp - Port is open - time=1.085ms

But still getting the same error.

Can you help me check please?

Do you have Geo-Location blocking?
Where did you test from?

I get:

curl -Ii ticket01.thismonitor.net
curl: (56) Recv failure: Connection reset by peer

LD sees:
Let's Debug (letsdebug.net)


How can I check if I have Geo-location blocking?

Do you know what defenses are enabled on your system?
Do you know what devices are inline that protect your IP?


I tested from our office IPs and with VPN from Korea, Turkey and others.
I'm able to access.

But my problem is that I'm unable to get a certificate

Ticket01.thismonitor.net - Is Ticket01 Down Right Now? (isitdownrightnow.com)

LE needs to reach your site.
It can't reach it:

LD can't reach it:


Usually the easiest way to check is to run https://letsdebug.net which will check to see if your site is accessible outside your own network. You can also just try using your phone's mobile data instead of your wifi to access your site as http:// - it doesn't matter if your site works on your office network, because Let's Encrypt are not on your office network.

As an aside, for native English speakers "Bro" is generally considered a confrontational or negative form of address and is not how to ask for help :slight_smile:


Do you know how I can solve this?
I'm having a hard time resolving this since I already allowed port 80 on my firewall.

Can I try to use DNS-01 for this issue for now?
