Timeout for Certificate creation regardless of method


#1

All of my domains are accessible through ports 80 and 445, and I can access the basic Nginx page from anywhere, including a VPN, but for some weird reason, if I try to use certbot, or even manually through ZeroSSL and the like, it gives a timeout error every time.

My domain is:

vizmonkey.tk
www.vizmonkey.tk
cloud.vizmonkey.tk
mail.vizmonkey.tk

I ran this command:

certbot --authenticator webroot --installer nginx

It produced this output:

Unable to clean up challenge directory /var/www/vizmonkey/.well-known/acme-challenge
Failed authorization procedure. cloud.vizmonkey.tk (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://cloud.vizmonkey.tk/.well-known/acme-challenge/EiMGI2GjFeKl2Nzk6l_wA_8Jozt0jDtrONg0AJ4nwaE: Timeout, www.vizmonkey.tk (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.vizmonkey.tk/.well-known/acme-challenge/zPtOCWIxDkl1q87tZd4Fi2dxtatZomlloU0XVs7gNoQ: Timeout, mail.vizmonkey.tk (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.vizmonkey.tk/.well-known/acme-challenge/rjB6x7rIcer_bO9Ko40r7DeoFmRCV0FXOyfRERfKS6c: Timeout, vizmonkey.tk (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://vizmonkey.tk/.well-known/acme-challenge/Nke9Qt6bG0plsPiOYCItY48ESLLTq6mUFDTUtnNYy4A: Timeout

My web server is (include version):

Nginx V. 1.10.3

The operating system my web server runs on is (include version):

Debian 9 (Stretch)

My hosting provider, if applicable, is:

Self Hosted

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No


#2

It probably has much to do with the TLD .tk.


#3

I can’t access it either.

http://vizmonkey.tk/ times out.

http://vizmonkey.tk:443/ is a functioning HTTP server, but port 443 is supposed to be HTTPS.

Can you double check your firewall and port forwarding rules?


#4

Please try to access them again. I adjusted them and everything works on my side.


#5

Can you clarify please?


#6

http://vizmonkey.tk/ still times out.

https://vizmonkey.tk/ and http://vizmonkey.tk:443/ no longer work at all. Not sure exactly why.

I meant to say before, along with port forwarding, the port 443 issue could be related to the web server configuration.


#7

Here is my Nginx config right now:

server {
    listen 80;
    listen [::]:80;

    server_name vizmonkey.tk www.vizmonkey.tk cloud.vizmonkey.tk mail.vizmonkey.tk;

    root /var/www/vizmonkey;
    index index.html;

    default_type text/plain;

    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name vizmonkey.tk www.vizmonkey.tk cloud.vizmonkey.tk mail.vizmonkey.tk;

    root /var/www/vizmonkey;
    index index.html;

    default_type text/plain;

    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }
}


#8

Okay. The port 443 virtual host won’t work right as long as it doesn’t have a certificate and key. (Even if it’s a self-signed certificate.) It’s just how Nginx is. It’s working (or not working) as designed.

The port 80 issue is probably something else, like a firewall on your network, or your ISP.


#9

When I access http://vizmonkey.tk/ I get this:

1

And when accessing https://vizmonkey.tk I get this:

2

I tried that through different ISPs, and even a US VPN.


#10

And pinging vizmonkey.tk gives correct replies.


#11

I can’t ping vizmonkey.tk, either.

The port 443 errors probably mean those packets are actually reaching the server, but port 80 and ICMP appear to be filtered.
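
The reasoning in the reply above (an error on one port means something answers at that address, while a timeout means the packets are dropped or filtered) can be checked per port and per resolved address. The script below is an added example, not part of the original thread; the function names are hypothetical, and it is meant to be run from a network outside the one hosting the server, since a test from inside the LAN says nothing about what Let's Encrypt sees.

```python
import socket
import sys

def resolve(host):
    """Addresses the name resolves to from this vantage point ([] on DNS failure)."""
    try:
        infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe(addr, port, timeout=5.0):
    """Classify one TCP connect attempt: 'open', 'refused', 'timeout' or 'error: ...'."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # an RST came back: something answers at this address
    except socket.timeout:
        return "timeout"      # no reply at all: dropped on the way or filtered
    except OSError as exc:
        return "error: %s" % exc

def interpret(results):
    """Turn {port: state} into a one-line reading for HTTP-01 validation."""
    p80 = results.get(80)
    others = [s for p, s in results.items() if p != 80]
    if p80 == "open":
        return "port 80 reachable: look at the web server and webroot next"
    if p80 == "refused":
        return "address answers, but nothing accepts connections on port 80"
    if p80 == "timeout" and any(s in ("open", "refused") for s in others):
        return "address answers on another port, port 80 filtered: firewall, forwarding or ISP"
    if p80 == "timeout":
        return "nothing answers: wrong address in DNS, host down, or everything filtered"
    return "inconclusive: " + str(p80)

def check(host, ports=(80, 443), timeout=5.0):
    """Probe every resolved address; returns {address: {port: state}}."""
    return {a: {p: probe(a, p, timeout) for p in ports} for a in resolve(host)}

if __name__ == "__main__":
    # Hostname is a command-line argument; defaults to localhost so the script runs offline.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for addr, results in check(host, timeout=3.0).items():
        print(addr, results, "->", interpret(results))
```

Comparing the addresses it prints with the server's actual public IP also covers the possibility, raised later in the thread, that the public DNS records point somewhere else.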


#12

Thank you for your help, greatly appreciated.

Any ideas how we may solve this issue?


#13

It depends.

Check for firewall rules in your router or your computer.

Make sure your ISP doesn’t block port 80 entirely.


#14

Any specific way to know that?

And if this was the case, how am I able to access the domain via other ISPs?


#15

Ask them, or Google it and see if other customers have written about it.

My best guesses are that the public DNS records are incorrect and Let’s Encrypt and I have been accessing the wrong IP this whole time, or that you weren’t actually accessing it via other ISPs.

Or maybe there’s a strange routing issue with the ISP.


#16

@JohnAntoineG, what IP address do you see when you ping the server?

