Timeout for Certificate creation regardless of method

All of my domains are accessible through port 80 and 445, and I can access the basic Nginx page from anywhere, including a VPN, but for some weird reason, if I try to use certbot, or even manually through zerossl and the like, it gives a timeout error every time.

My domain is:

vizmonkey.tk
www.vizmonkey.tk
cloud.vizmonkey.tk
mail.vizmonkey.tk

I ran this command:

certbot --authenticator webroot --installer nginx

It produced this output:

Unable to clean up challenge directory /var/www/vizmonkey/.well-known/acme-challenge
Failed authorization procedure. cloud.vizmonkey.tk (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://cloud.vizmonkey.tk/.well-known/acme-challenge/EiMGI2GjFeKl2Nzk6l_wA_8Jozt0jDtrONg0AJ4nwaE: Timeout, www.vizmonkey.tk (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.vizmonkey.tk/.well-known/acme-challenge/zPtOCWIxDkl1q87tZd4Fi2dxtatZomlloU0XVs7gNoQ: Timeout, mail.vizmonkey.tk (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.vizmonkey.tk/.well-known/acme-challenge/rjB6x7rIcer_bO9Ko40r7DeoFmRCV0FXOyfRERfKS6c: Timeout, vizmonkey.tk (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://vizmonkey.tk/.well-known/acme-challenge/Nke9Qt6bG0plsPiOYCItY48ESLLTq6mUFDTUtnNYy4A: Timeout

My web server is (include version):

Nginx V. 1.10.3

The operating system my web server runs on is (include version):

Debian 9 (Stretch)

My hosting provider, if applicable, is:

Self Hosted

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No

It probably has much to do with the TLD .tk.

I can’t access it either.

http://vizmonkey.tk/ times out.

http://vizmonkey.tk:443/ is a functioning HTTP server, but port 443 is supposed to be HTTPS.

Can you double check your firewall and port forwarding rules?


Please try to access them again; I adjusted them and everything works on my side.

Can you clarify please?

http://vizmonkey.tk/ still times out.

https://vizmonkey.tk/ and http://vizmonkey.tk:443/ no longer work at all. Not sure exactly why.

I meant to say before, along with port forwarding, the port 443 issue could be related to the web server configuration.

Here is my Nginx config right now:

server {
    listen 80;
    listen [::]:80;

    server_name vizmonkey.tk www.vizmonkey.tk cloud.vizmonkey.tk mail.vizmonkey.tk;

    root /var/www/vizmonkey;
    index index.html;

    default_type text/plain;

    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name vizmonkey.tk www.vizmonkey.tk cloud.vizmonkey.tk mail.vizmonkey.tk;

    root /var/www/vizmonkey;
    index index.html;

    default_type text/plain;

    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }
}

Okay. The port 443 virtual host won’t work right as long as it doesn’t have a certificate and key. (Even if it’s a self-signed certificate.) It’s just how Nginx is. It’s working (or not working) as designed.

The port 80 issue is probably something else, like a firewall on your network, or your ISP.

When I access http://vizmonkey.tk/ I get this:

[image 1]

and when accessing https://vizmonkey.tk I get this:

[image 2]

I tried that through different ISPs, and even a US VPN,

and pinging vizmonkey.tk gives correct replies.

I can’t ping vizmonkey.tk, either.

The port 443 errors probably mean those packets are actually reaching the server, but port 80 and ICMP appear to be filtered.
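
The reasoning in the reply above (a port that answers, even with an error, shows packets arrive, while one that times out is being dropped on the way) as an added example that is not part of the original thread. The names classify, probe and diagnose are made up for this example, and it assumes it is run from a machine outside the server's own network.

```python
import socket

def classify(exc):
    """Map the outcome of one TCP connect() to what it says about the path."""
    if exc is None:
        return "open"         # handshake completed: a listener is reachable
    if isinstance(exc, ConnectionRefusedError):
        return "refused"      # RST came back: something at that address answered
    if isinstance(exc, socket.timeout):
        return "filtered"     # silence: packets dropped en route (the ACME "Timeout")
    if isinstance(exc, socket.gaierror):
        return "dns"          # the name did not resolve
    return "unreachable"      # e.g. no route to host

def probe(host, port, timeout=5.0):
    """Attempt one TCP connection and classify the result."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return classify(None)
    except OSError as exc:    # timeout, refused and gaierror are all OSError
        return classify(exc)

def diagnose(p80, p443):
    """Combine the port 80 and port 443 results the way the thread does."""
    if p80 == "open":
        return "port 80 reachable: http-01 validation can connect"
    if p80 == "dns" or p443 == "dns":
        return "name does not resolve: check the public DNS records"
    if p80 == "filtered" and p443 in ("open", "refused"):
        return "host reachable but port 80 dropped: firewall, port forwarding or ISP block"
    if p80 == "filtered":
        return "nothing answers: wrong IP in DNS, or all inbound traffic filtered"
    if p80 == "refused":
        return "host reachable but nothing listens on port 80: check the web server"
    return "host unreachable: routing problem"

if __name__ == "__main__":
    import sys
    # Usage: python3 probe.py <your-domain> [<your-domain> ...]
    for name in sys.argv[1:]:
        p80, p443 = probe(name, 80), probe(name, 443)
        print(f"{name}: 80={p80} 443={p443} -> {diagnose(p80, p443)}")
```

Running the same check from inside the network can give a different answer than the certificate authority sees, because local traffic may never cross the router's forwarding rules.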

Thank you for your help, greatly appreciated.

Any ideas how we may solve this issue?

It depends.

Check for firewall rules in your router or your computer.

Make sure your ISP doesn’t block port 80 entirely.

Any specific way to know that?

And if this was the case, how am I able to access the domain via other ISPs?

Ask them, or Google it and see if other customers have written about it.

My best guesses are that the public DNS records are incorrect and Let's Encrypt and I have been accessing the wrong IP this whole time, or that you weren't actually accessing it via other ISPs.

Or maybe there's a strange routing issue with the ISP.

@JohnAntoineG, what IP address do you see when you ping the server?
