Times out every time, ports forwarded correctly

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://ddns.mysadcow.com/

I ran this command: sudo certbot --apache

It produced this output: SUCCEEDS, ISSUES CERT

My web server is (include version): Apache/2.4.38

The operating system my web server runs on is (include version): 2020-05-27-raspios-buster-armhf

My hosting provider, if applicable, is: NONE

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

No matter what I do, I cannot get my domain to load. I’ve installed ufw, opened ports 80 and 443, and forwarded them in my router. Traffic works fine on port 80, but when I try with https, it times out. Extremely frustrating, and can’t figure this out.

1 Like

It does seem that the port forwarding is not working. Can’t open a connection on 443.

If you forward another port (like 8443 external -> 443 internal), can you access that? To try to exclude the question of your ISP blocking it?

1 Like

Hi @my2qnj9m

you have created three certificates - https://check-your-website.server-daten.de/?q=ddns.mysadcow.com#ct-logs

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let’s Encrypt Authority X3 | 2020-08-09 | 2020-11-07 | ddns.mysadcow.com - 1 entries | duplicate nr. 3 | |
| Let’s Encrypt Authority X3 | 2020-08-03 | 2020-11-01 | ddns.mysadcow.com - 1 entries | duplicate nr. 2 | |
| Let’s Encrypt Authority X3 | 2020-08-03 | 2020-11-01 | ddns.mysadcow.com - 1 entries | duplicate nr. 1 | |
| Let’s Encrypt Authority X3 | 2020-08-01 | 2020-10-30 | ddns.mysadcow.com - 1 entries | | |
| Let’s Encrypt Authority X3 | 2020-08-01 | 2020-10-30 | ddns.mysadcow.com - 1 entries | | |

so that part has worked. Don’t create the next.

Works https internal?

curl https://ddns.mysadcow.com/
curl https://72.128.96.185/

from that machine?

http works, https not, only timeouts:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://ddns.mysadcow.com/ 72.128.96.185 | 200 | Html is minified: 100,00 % | 0.270 | H |
| small visible content (num chars: 12): you found me | | | | |
| https://ddns.mysadcow.com/ 72.128.96.185 | -14 | | 10.037 | T |
| Timeout - The operation has timed out | | | | |
| http://ddns.mysadcow.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 72.128.96.185 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0 | 404 | Html is minified: 100,00 % | 0.270 | A |
| Not Found | | | | |
| Visible Content: Not Found The requested URL was not found on this server. Apache/2.4.38 (Raspbian) Server at ddns.mysadcow.com Port 80 | | | | |

apachectl -S

So if it works internal, it’s a router or firewall problem.

3 Likes

I’m not sure how to check this. I’ll look into it.

2 Likes

When I test with CURL, it fails. So it must be internal.

Edit: Not sure what is failing when I run certbot. I see that it installs to the proper folders, enables the mod in apache, and I’ve restarted everything. The only thing I notice is that in the sites-enabled folder, it shows the conf file with zeros instead of my domain name. In other documentation, I’ve seen it usually installs with the actual name. Any ideas what could be wrong?

Thank you for your help.

2 Likes

Please

apachectl -S
3 Likes

Sorry, missed that line. Here’s the output:

AH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/ddns.mysadcow.com/fullchain.pem' does not exist or is empty
Action '-S' failed.
The Apache error log may have more information.

I’m trying to fix permissions so I can access the live folder to investigate what’s going on there.

1 Like

Run it as root or sudo.

2 Likes
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443                  ddns.mysadcow.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80                   127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

There is no correct port 80 vHost with your domain name. So Certbot didn’t find a correct template to create the port 443 vHost.

  • make a backup
  • disable / delete the not working port 443 vHost
  • create a correct port 80 vHost
  • apachectl -S
  • then use certbot --reinstall, so Certbot should create a correct port 443 vHost
  • then again curl internal
3 Likes
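
The mismatch pointed out in the reply above (a port 443 vHost for the domain, but no port 80 vHost carrying the same name) can be checked mechanically from `apachectl -S` output. The script below is an added example, not part of the original thread or of Certbot; the function name `vhosts_missing_port80` is hypothetical, the two samples are trimmed copies of the outputs posted in this thread, and it also handles the `port N namevhost` form Apache prints when several vHosts share one address, which goes beyond the single-vHost case shown here.

```shell
#!/bin/sh
# Added example: list names that have a :443 vHost but no :80 vHost of the
# same name. Reads `apachectl -S` output on stdin, prints one name per line.
# Real use (as root): apachectl -S 2>/dev/null | vhosts_missing_port80
vhosts_missing_port80() {
    awk '
        # One vHost on an address: "*:443   name (file:line)"
        $1 ~ /^[^ ]+:[0-9]+$/ && $2 != "is" && $3 ~ /^\(/ {
            n = split($1, a, ":"); seen[a[n] " " $2] = 1; next
        }
        # Several vHosts on an address: "port 443 namevhost name (file:line)"
        $1 == "port" && $3 == "namevhost" { seen[$2 " " $4] = 1 }
        END {
            for (k in seen) {
                split(k, p, " ")
                if (p[1] == "443" && !(("80 " p[2]) in seen)) print p[2]
            }
        }
    ' | sort
}

# Sample 1: the first output posted in the thread (trimmed).
sample_before() { cat <<'EOF'
VirtualHost configuration:
*:443                  ddns.mysadcow.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80                   127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
EOF
}

# Sample 2: the output posted after the port 80 vHost was recreated (trimmed).
sample_after() { cat <<'EOF'
VirtualHost configuration:
*:443                  ddns.mysadcow.com (/etc/apache2/sites-enabled/msc-le-ssl.conf:2)
*:80                   ddns.mysadcow.com (/etc/apache2/sites-enabled/msc.conf:1)
ServerRoot: "/etc/apache2"
EOF
}

echo "before: $(sample_before | vhosts_missing_port80)"
echo "after:  $(sample_after | vhosts_missing_port80)"
```

An empty result only confirms that the vHost names line up; it says nothing about whether port 443 is reachable.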

Thank you! Do I fix this by adding ‘ServerName localhost’ to the apache config, or is there something I have to do specific to my domain?

2 Likes

After doing everything you mentioned, I get this result from apachectl -S:

VirtualHost configuration:
*:443                  ddns.mysadcow.com (/etc/apache2/sites-enabled/msc-le-ssl.conf:2)
*:80                   ddns.mysadcow.com (/etc/apache2/sites-enabled/msc.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

It still times out with curl internally.

1 Like

Your ISP (Charter Communications) doesn’t seem to block port 443: https://www.spectrum.net/support/internet/blocked-ports/

So it must be another firewall besides ufw or your router.

2 Likes

If it doesn’t work internal, it can’t work external.

But I don’t know why it doesn’t work internal. Looks like you have a general (old) bug in your configuration.

Works curl internal with http? Works curl with 127.0.0.1 + http / https?

Or you have a wrong hosts file, so another / wrong ip address is checked.

2 Likes

Thanks for your help. I give up. I’ve tried setting this up from scratch multiple times, and something is clearly not getting through somehow. Curl works internally on http. By the way, I’ve seen this issue a few times on reddit, but never a solution, so I’m guessing other people have had these issues as well.

Do you know of a way to check that the port is indeed open? I’ve opened other ports and know they work outside my router.
