Timeout trying to get cert

Failed to aquire a Let's Encrypt certificate for server services.
Verification ended with an error.
Details: 167.235.57.106: Fetching https://app.yasinfardin.com/.well-known/acme-challenge/sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI: Timeout during connect (likely firewall problem)
Type: urn:ietf:params:acme:error:connection
Full response: {"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/365474060687/BzeDvQ","status":"invalid","validated":"2024-06-18T08:00:06Z","error":{"type":"urn:ietf:params:acme:error:connection","detail":"167.235.57.106: Fetching https://app.yasinfardin.com/.well-known/acme-challenge/sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI: Timeout during connect (likely firewall problem)","status":400},"token":"sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI","validationRecord":[{"url":"http://app.yasinfardin.com/.well-known/acme-challenge/sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI","hostname":"app.yasinfardin.com","port":"80","addressesResolved":["167.235.57.106","2a01:4f8:1c1c:2982::"],"addressUsed":"2a01:4f8:1c1c:2982::"},{"url":"http://app.yasinfardin.com/.well-known/acme-challenge/sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI","hostname":"app.yasinfardin.com","port":"80","addressesResolved":["167.235.57.106","2a01:4f8:1c1c:2982::"],"addressUsed":"167.235.57.106"},{"url":"https://app.yasinfardin.com/.well-known/acme-challenge/sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI","hostname":"app.yasinfardin.com","port":"443","addressesResolved":["167.235.57.106","2a01:4f8:1c1c:2982::"],"addressUsed":"2a01:4f8:1c1c:2982::"}]}

Failed to aquire a Let's Encrypt certificate for server services.
Curl: SSL connection timeout (https://acme-v02.api.letsencrypt.org/acme/new-acct)

Failed to aquire a Let's Encrypt certificate for nextcloud.yasinfardin.com.
Curl: SSL connection timeout (https://acme-v02.api.letsencrypt.org/acme/chall-v3/365511070797/bGu-NQ)

Starting Nmap 7.80 ( https://nmap.org ) at 2024-06-18 08:01 EDT
Nmap scan report for app.yasinfardin.com (167.235.57.106)
Host is up (0.11s latency).
Other addresses for app.yasinfardin.com (not scanned): 2a01:4f8:1c1c:2982::
Not shown: 88 filtered ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
443/tcp open  https
465/tcp open  smtps
587/tcp open  submission
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 2.56 seconds

@san I moved your posts to your own thread. A timeout problem is one of the most common we see. There are a wide variety of causes. We prefer each problem have its own thread.

Had you started your own in the Help section you would have been shown the form below. Please answer as much as you can so we can advise you best. Thanks

===============================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


Your problem is with the IPv6 address in your DNS.

nslookup app.yasinfardin.com
A    Address: 167.235.57.106
AAAA Address: 2a01:4f8:1c1c:2982::

Connections to IPv4 work fine and reach your Apache server. But, connections using IPv6 time out. You should verify that is the correct IPv6 address for your server. Or, if you don't support IPv6 you should remove the AAAA record.

The reason your error shows an IPv4 address is misleading. Originally Let's Encrypt tries to reach you in IPv6 because that is what it prefers. But, that times out and LE retries with IPv4. That HTTP request reaches you and you redirect it to HTTPS. LE again tries the IPv6 connect and again fails. It does NOT retry with IPv4 after a redirect but it shows the IPv4 address in the message.

Ideally you would not be redirecting the HTTP challenge to HTTPS. But, your IPv6 address is not working and that can affect a wide variety of clients, not just Let's Encrypt. So, you should fix that.

curl -I4 app.yasinfardin.com
HTTP/1.1 302 Found
Server: Apache
Location: https://app.yasinfardin.com/

curl -I6 app.yasinfardin.com
curl: (28) Failed to connect to app.yasinfardin.com port 80 after 134219 ms: Connection timed out
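Added example, not part of any post in this thread: a short Python script that reads the validationRecord array from the "Full response" in the first post and reports, in order, which address family each attempt used, so the IPv6 failure behind the IPv4 address in the error message is visible. The function names are hypothetical, and the embedded JSON is a trimmed copy of the response shown above.

```python
import ipaddress
import json

# Trimmed copy of the "Full response" JSON from the first post (fields not used here dropped).
HOST = "app.yasinfardin.com"
PATH = "/.well-known/acme-challenge/sCJnLvKA93NwZhTAWzvzV9RHUvlqMxfROqXHRclDmiI"
V4, V6 = "167.235.57.106", "2a01:4f8:1c1c:2982::"
RESPONSE = json.dumps({
    "type": "http-01",
    "status": "invalid",
    "error": {"detail": f"{V4}: Fetching https://{HOST}{PATH}: "
                        "Timeout during connect (likely firewall problem)"},
    "validationRecord": [
        {"url": f"http://{HOST}{PATH}", "port": "80", "addressUsed": V6},
        {"url": f"http://{HOST}{PATH}", "port": "80", "addressUsed": V4},
        {"url": f"https://{HOST}{PATH}", "port": "443", "addressUsed": V6},
    ],
})


def family(addr):
    """Return 'IPv4' or 'IPv6' for a literal address."""
    return f"IPv{ipaddress.ip_address(addr).version}"


def diagnose(challenge_json):
    """Walk validationRecord in order; report fallbacks, redirects and the last address tried."""
    chal = json.loads(challenge_json)
    recs = chal.get("validationRecord", [])
    hops = [(r["url"].split("://")[0], r["port"], family(r["addressUsed"])) for r in recs]
    findings = []
    for prev, cur in zip(recs, recs[1:]):
        if prev["url"] == cur["url"] and prev["addressUsed"] != cur["addressUsed"]:
            # Same URL fetched again from another address: the first attempt did not connect.
            findings.append(f"{family(prev['addressUsed'])} attempt failed, "
                            f"retried over {family(cur['addressUsed'])}")
        elif prev["url"] != cur["url"]:
            scheme = cur["url"].split("://")[0]
            findings.append(f"redirected to {scheme} on port {cur['port']}")
    if recs and chal.get("status") == "invalid":
        last = recs[-1]["addressUsed"]
        findings.append(f"last attempt used {family(last)} address {last}")
        reported = chal.get("error", {}).get("detail", "").split(": ", 1)[0]
        if reported != last:
            findings.append(f"error detail names {reported}, not the address last tried")
    return {"hops": hops, "findings": findings}


if __name__ == "__main__":
    for line in diagnose(RESPONSE)["findings"]:
        print(line)
```

When the last finding appears, check the AAAA record and the IPv6 firewall rules on ports 80 and 443 before looking at the IPv4 side.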