Trouble renewing certs (Timeout during connect (likely firewall problem))


#1

I can see in the hardware firewall logs it’s passing both 80 and 443 to the Apache server.
I did add forwarding from port 80 to 443 in the website’s .conf file.

<VirtualHost *:80>
    ServerName binderhospital.com
    ServerAlias www.binderhospital.com
    ServerAdmin info@binderhospital.com
    DocumentRoot /var/www/BinderHosp
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # Unconditional redirect of every HTTP request to HTTPS
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
    # Conditional redirect; never reached because the rule above already matches everything
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.binderhospital.com [OR]
    RewriteCond %{SERVER_NAME} =binderhospital.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

My domain is: binderhospital.com

I ran these commands:
certbot renew --apache
certbot renew --standalone --preferred-challenges tls-sni
It produced this output:

Processing /etc/letsencrypt/renewal/binderhospital.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing…
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for binderhospital.com
tls-sni-01 challenge for www.binderhospital.com
Waiting for verification…
Cleaning up challenges

Attempting to renew cert from /etc/letsencrypt/renewal/binderhospital.com.conf produced an unexpected error: Failed authorization procedure. www.binderhospital.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout during connect (likely firewall problem), binderhospital.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout during connect (likely firewall problem). Skipping.

My web server is (include version):
Server: Apache/2.4.10 (Raspbian)

I can log in to a root shell on my machine
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No


#2

Hi,

Could you please double-check that? From my test, your website still shows a filtered status on ports 80 & 443.

Two things need to be checked:

  1. Can you visit your website from inside your network (using the internal IP of that Pi)?
  2. Can you visit your website from outside your network? Or does your firewall have some sort of filtering in place (one that filters legitimate requests)?

Thank you
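
The check suggested above, as an added example that is not part of the original thread: it parses the certbot error quoted in post #1 into per-domain failures and probes the port each failed challenge depends on, separating "closed" (connection refused) from "filtered" (no reply before the timeout). The function names and the challenge-to-port table are assumptions of this sketch.

```python
import re
import socket

# Port the ACME server connects to for each challenge type.
CHALLENGE_PORT = {"http-01": 80, "tls-sni-01": 443}

# One per-domain entry in certbot's "Failed authorization procedure" line.
FAILURE_RE = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): (?P<urn>urn:acme:error:\w+)"
    r" :: .*? :: (?P<detail>[^,]+?)(?=,|\. Skipping|$)"
)

# Error text quoted from post #1 of this thread.
SAMPLE = (
    "Failed authorization procedure. www.binderhospital.com (tls-sni-01): "
    "urn:acme:error:connection :: The server could not connect to the client "
    "to verify the domain :: Timeout during connect (likely firewall problem), "
    "binderhospital.com (tls-sni-01): urn:acme:error:connection :: The server "
    "could not connect to the client to verify the domain :: Timeout during "
    "connect (likely firewall problem). Skipping."
)

def parse_failures(certbot_output):
    """Return one dict (domain, challenge, urn, detail) per failed authorization."""
    return [m.groupdict() for m in FAILURE_RE.finditer(certbot_output)]

def probe(host, port, timeout=5.0):
    """Classify a TCP port: 'open', 'closed' (refused) or 'filtered' (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:  # DNS failure, unreachable network, ...
        return f"error: {exc}"

def diagnose(certbot_output, probe_fn=probe):
    """Probe the port each failed challenge depends on; returns report tuples."""
    report = []
    for f in parse_failures(certbot_output):
        port = CHALLENGE_PORT.get(f["challenge"])
        state = probe_fn(f["domain"], port) if port else "unknown challenge"
        report.append((f["domain"], f["challenge"], port, state))
    return report

if __name__ == "__main__":
    for row in diagnose(SAMPLE):
        print(row)
```

Run it from a host outside the network, then call `probe` from inside against the Pi's internal IP: "filtered" from outside with "open" inside points at the firewall or port forward rather than at Apache.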

