Timeout during connect


#1

Hello,

My domain is:
lodomusbcn.com

I ran this command:

certbot --apache -d lodomusbcn.com,www.lodomusbcn.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for lodomusbcn.com
http-01 challenge for www.lodomusbcn.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.lodomusbcn.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.lodomusbcn.com/.well-known/acme-challenge/HBIRfOu0E__wsVfTklUo1kXN7NvFInazu-V3tGnNaDE: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.lodomusbcn.com
   Type:   connection
   Detail: Fetching
   http://www.lodomusbcn.com/.well-known/acme-challenge/HBIRfOu0E__wsVfTklUo1kXN7NvFInazu-V3tGnNaDE:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 16.04

What to do? I disabled the firewall and I get the same error. It used to work a couple of months ago, just upgraded the certbot version.

Thank you


#2

Hi @fernandoch,

The A record for your domain lodomusbcn.com points to 5.196.73.140 but your subdomain www.lodomusbcn.com points to another ip address 5.135.181.224. Are you sure the ip for www subdomain is the right one?.

Cheers,
sahsanu


#3

They are the same, maybe they did not propagate yet…

I changed them like 3 hours ago.

Where are you checking them?


#4

I’m asking directly to your authoritative name servers:

$ dig @dns1.registrar-servers.com lodomusbcn.com +short
5.196.73.140
$ dig @dns2.registrar-servers.com lodomusbcn.com +short
5.196.73.140

$ dig @dns1.registrar-servers.com www.lodomusbcn.com +short
5.135.181.224
$ dig @dns2.registrar-servers.com www.lodomusbcn.com +short
5.135.181.224

#5

Well, maybe I just have to wait and it will work?


#6

OK, it worked. I changed the TTL to 1 min and it updated.

I ran the certbot command again and all working!

Thank for the help.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.