97Cweb
April 17, 2023, 12:27am
1
My domain is: yottarock.ca
I ran this command: sudo certbot --apache
It produced this output: Congratulations! You have successfully enabled HTTPS on https://yottarock.ca and https://www.yottarock.ca
My web server is (include version): Apache/2.4.52 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 22.04.1 LTS
My hosting provider, if applicable, is:myself. personal mini pc
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): ssh access, not sure if that is what is wanted
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.5.0
I get a timeout error with the installation instruction posted above. It also fails on "sudo certbot renew --dry-run" with colliding with port 80.
Thank you for your help
rg305
April 17, 2023, 12:33am
3
Hi @97Cweb, and welcome to the LE community forum.
I'm confused:
97Cweb:
Congratulations!
97Cweb:
colliding with port 80
Please show the output of:
certbot certificates
And, since we are dealing with Apache, also show:
sudo apachectl -t -D DUMP_VHOSTS
2 Likes
_az
April 17, 2023, 12:35am
4
You need to open up port 443 on your firewall/router as well.
HTTP uses port 80, HTTPS uses port 443.
4 Likes
97Cweb
April 17, 2023, 12:41am
5
rg305:
certbot certificates
Found the following certs:
Certificate Name: www.yottarock.ca
Serial Number: 36a5f44023b39138732d3bff4e1cd84ad39
Key Type: ECDSA
Domains: www.yottarock.ca
Expiry Date: 2023-07-15 23:06:18+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.yottarock.ca/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.yottarock.ca/privkey.pem
Certificate Name: yottarock.ca
Serial Number: 3992a7a82b301332032afd581148fd9cdc3
Key Type: ECDSA
Domains: yottarock.ca www.yottarock.ca
Expiry Date: 2023-07-15 19:47:26+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/yottarock.ca/fullchain.pem
Private Key Path: /etc/letsencrypt/live/yottarock.ca/privkey.pem
DUMP_VHOSTS
VirtualHost configuration:
*:30001 Dokuwiki (/etc/apache2/sites-enabled/dokuwiki.conf:1)
*:443 yottarock (/etc/apache2/sites-enabled/yottarock-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server yottarock (/etc/apache2/sites-enabled/yottarock-le-ssl.conf:40)
port 80 namevhost yottarock (/etc/apache2/sites-enabled/yottarock-le-ssl.conf:40)
alias www.yottarock.ca
alias yottarock.ca
port 80 namevhost yottarock (/etc/apache2/sites-enabled/yottarock.conf:1)
alias www.yottarock.ca
alias yottarock.ca
97Cweb
April 17, 2023, 12:44am
6
Thank you for the reminder. I just opened those ports, however the timeout issue remains
1 Like
97Cweb
April 17, 2023, 12:56am
8
That is weird. I tried it on my home network, it failed, tried on my phone via data, it works. Any idea what may cause that?
_az
April 17, 2023, 1:01am
9
It sounds like hairpin NAT isn't quite working correctly for you. It tends to be a pain on residential modem/routers. Sometimes routers reserve ports like 443/80 for internal usage (like the web panel), and you need to change those settings before hairpin NAT will work on those ports.
At any rate, that will only affect people on your internet network and it's not an issue with your server configuration or certificate.
4 Likes
97Cweb
April 17, 2023, 1:01am
10
Ok, thank you for your help!
2 Likes
rg305
April 17, 2023, 3:04am
11
Looks like you don't really need that first cert.
That's a name:port overlap.
[both files are serving the same names over the same port]
2 Likes
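The name:port overlap pointed out above can be found mechanically in the DUMP_VHOSTS output. The following is an added example, not part of the original thread or of Apache/certbot: a shell function that lists every name served by more than one name-based vhost on the same port. The function names find_vhost_overlaps and sample_dump are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): list names that more than one
# name-based vhost serves on the same port.
# Real use: sudo apachectl -t -D DUMP_VHOSTS 2>&1 | find_vhost_overlaps

find_vhost_overlaps() {
  awk '
    function record(name,    key) {
      key = name ":" port
      # count each defining file:line once per name:port
      if (index("," seen[key] ",", "," loc ",") == 0) {
        seen[key] = (seen[key] == "" ? loc : seen[key] "," loc)
        count[key]++
      }
    }
    # "port 80 namevhost NAME (file:line)" opens a vhost entry
    $1 == "port" && $3 == "namevhost" {
      port = $2; loc = $5
      gsub(/[()]/, "", loc)
      record($4)
      next
    }
    # "alias NAME" lines belong to the entry opened above
    $1 == "alias" && port != "" { record($2); next }
    # anything else (for example "*:443 ...") closes the entry
    { port = "" }
    END {
      for (key in count)
        if (count[key] > 1) print key "\t" seen[key]
    }
  ' | LC_ALL=C sort
}

# Sample input: the DUMP_VHOSTS output posted earlier in the thread.
sample_dump() {
  cat <<'EOF'
VirtualHost configuration:
*:30001 Dokuwiki (/etc/apache2/sites-enabled/dokuwiki.conf:1)
*:443 yottarock (/etc/apache2/sites-enabled/yottarock-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server yottarock (/etc/apache2/sites-enabled/yottarock-le-ssl.conf:40)
port 80 namevhost yottarock (/etc/apache2/sites-enabled/yottarock-le-ssl.conf:40)
alias www.yottarock.ca
alias yottarock.ca
port 80 namevhost yottarock (/etc/apache2/sites-enabled/yottarock.conf:1)
alias www.yottarock.ca
alias yottarock.ca
EOF
}

sample_dump | find_vhost_overlaps
```

Each output line is a name:port followed by the file:line of every vhost that claims it; an empty result means no two name-based vhosts share a name on one port.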
97Cweb
April 17, 2023, 2:56pm
12
Thank you for finding that also
2 Likes
system
Closed
May 17, 2023, 2:57pm
13
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.