Unable to connect to site via 443

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: owncloud-viz.ddns.net

I ran this command: openssl s_client -connect owncloud-viz.ddns.net:443 -showcerts

It produced this output: 140147572122944:error:0200206E:system library:connect:Connection timed out:../crypto/bio/b_sock2.c:110:
140147572122944:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
connect:errno=110

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 20.04.5 LTS, Apache/2.4.41, OpenSSL 1.1.1f

My hosting provider, if applicable, is: No-IP

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no, just cli

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

Your server's timing out. But what makes you think that has anything to do with the Let's Encrypt certificate authority or its services?

Hello @frost7. welcome to the Let's Encrypt community.

Using the online tool Let's Debug yields these results https://letsdebug.net/owncloud-viz.ddns.net/1438861
Get "http://owncloud-viz.ddns.net/.well-known/acme-challenge/letsdebug-test": dial tcp 99.237.77.62:80: connect: no route to host

ANotWorking
Error
owncloud-viz.ddns.net has an A (IPv4) record (99.237.77.62) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://owncloud-viz.ddns.net/.well-known/acme-challenge/letsdebug-test": dial tcp 99.237.77.62:80: connect: no route to host

Trace:
@0ms: Making a request to http://owncloud-viz.ddns.net/.well-known/acme-challenge/letsdebug-test (using initial IP 99.237.77.62)
@0ms: Dialing 99.237.77.62
@3088ms: Experienced error: dial tcp 99.237.77.62:80: connect: no route to host 

IssueFromLetsEncrypt
Error
A test authorization for owncloud-viz.ddns.net to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
99.237.77.62: Fetching http://owncloud-viz.ddns.net/.well-known/acme-challenge/5HfEcpaFHfWLHacuv3ybDuRX1v4BOFMIj_66hJDFOu4: Error getting validation data 

Here is a list of issued certificates crt.sh | owncloud-viz.ddns.net, the latest being 2023-04-08.

Neither Port 80 nor Port 443 are Open; you (nor anyone on the Internet) will not be able to connect to the site via 443.

$ nmap -Pn owncloud-viz.ddns.net
Starting Nmap 7.80 ( https://nmap.org ) at 2023-04-08 22:34 UTC
Nmap scan report for owncloud-viz.ddns.net (99.237.77.62)
Host is up (0.20s latency).
rDNS record for 99.237.77.62: cpe688f2e2c9463-cm688f2e2c9460.sdns.net.rogers.com
Not shown: 999 filtered ports
PORT    STATE  SERVICE
987/tcp closed unknown

Nmap done: 1 IP address (1 host up) scanned in 106.54 seconds

And here are 2 online tools to Port Scan from the Internet.

1. Open Port Check Tool - Test Port Forwarding on Your Router
2. TCP Port Scanner, Online Port Scan, Port Scanning | IPVoid

Thanks for the quick reply, I'm using No-IP with a dhcp public address that changes. I can reach ownCloud inside and outside my network. However, I can't reach ownCloud.

When i checked ports using the tools provided the ports are indeed opened. My issue could be on my configuration of apache and my certs. I was wondering what I could be doing wrong on that part.

I didn't say it was an issue with LE certs, I think it could be a Apache configuration issue that I am facing. I'm new at apache ssl configuration and I was hoping someone could give me pointers.

Show us the secured vhost config.

here is my vhost config

root@ownc001:/etc/apache2/sites-available# cat owncloud-viz.ddns.net.conf

<VirtualHost *:443>
# uncommment the line below if variable was set
#ServerName owncloud-viz.ddns.net
ServerName owncloud-viz.ddns.net
ServerAlias owncloud-viz.ddns.net
DirectoryIndex index.php index.html
DocumentRoot /var/www/owncloud
#<Directory /var/www/owncloud>
#  Options +FollowSymlinks -Indexes
#  AllowOverride All
#  Require all granted

# Listen 443

  SSLEngine On
  SSLCertificateFile /var/www/owncloud/certs/cert.pem
  SSLCertificateKeyFile /var/www/owncloud/certs/key.pem

  Alias /.well-known/acme-challenge/ /etc/letsencrypt/live/owncloud-viz.ddns.net/
<Directory /var/www/owncloud>
  Options +FollowSymlinks -Indexes
  AllowOverride All
  Require all granted

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/owncloud
 SetEnv HTTP_HOME /var/www/owncloud
</Directory>
</VirtualHost>

#####################
additional notes:

ran the following commands:
a2ensite owncloud-viz.ddns.net.conf
> Site owncloud-viz.ddns.net already enabled

root@ownc001:/home/?????# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled

the LE certs are all here:

root@ownc001:/etc/letsencrypt/live/owncloud-viz.ddns.net# ls
cert.pem chain.pem fullchain.pem privkey.pem README

Did you just fix your problem? Because that openssl works for me as do curl requests.

curl -I https://owncloud-viz.ddns.net/index.php/login
HTTP/1.1 200 OK
Date: Sun, 09 Apr 2023 13:48:07 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Permitted-Cross-Domain-Policies: none
Set-Cookie: ocj2uq223h56=l6g6tmlgo6kmri35jh1c3vhoir; path=/; secure; HttpOnly; SameSite=Strict
(other headers omitted)

I agree with @MikeMcQ; looks like it is working now.
Looks good here

• https://decoder.link/sslchecker/owncloud-viz.ddns.net/443

and here

• SSL Server Test: owncloud-viz.ddns.net (Powered by Qualys SSL Labs)

$ nmap -Pn owncloud-viz.ddns.net
Starting Nmap 7.80 ( https://nmap.org ) at 2023-04-09 16:19 UTC
Nmap scan report for owncloud-viz.ddns.net (99.237.77.62)
Host is up (0.094s latency).
rDNS record for 99.237.77.62: cpe688f2e2c9463-cm688f2e2c9460.sdns.net.rogers.com
Not shown: 997 filtered ports
PORT    STATE  SERVICE
80/tcp  open   http
443/tcp open   https
987/tcp closed unknown

Nmap done: 1 IP address (1 host up) scanned in 8.73 seconds

$ openssl s_client -showcerts -servername owncloud-viz.ddns.net -connect owncloud-viz.ddns.net:443 < /dev/null
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = owncloud-viz.ddns.net
verify return:1
---
Certificate chain
 0 s:CN = owncloud-viz.ddns.net
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Apr  8 11:53:38 2023 GMT; NotAfter: Jul  7 11:53:37 2023 GMT
-----BEGIN CERTIFICATE-----
MIIGMDCCBRigAwIBAgISAzmtzADR8p0UCsmxCFV3Gb7QMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzA0MDgxMTUzMzhaFw0yMzA3MDcxMTUzMzdaMCAxHjAcBgNVBAMT
FW93bmNsb3VkLXZpei5kZG5zLm5ldDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
AgoCggIBANTYaRZNiVPROYJD91qXzmo863AOFJZAAPXFBrzfAV+2dmTLpR7mj5CC
zVBV2QvsvRb8Jthl57pd1uFNGty9veTOjWHVzARPkQh/Ei1Iqwx/YmgKEv/3qwy1
GOtcl2/XRu5HyFiOwXcNWylLbKEkT2FX/5iFxo7aCOGR6oWJUU1I4vW2Dje5aWmb
mvbVPDpbBJh5Dif6/0I+zJrFH9vneVskZ+q4KJczDWgyUTQIOvY3MmfApvt8ehCg
jZ27bFvlfQW1JG06JwOuCBSdSM5e6YUHb+wg7Ti0xaLE3s/3e25Kwl79e4sBzSZ5
of6BAoV/VbD2MT7qWSp+x3Bel1oJVm+DF0Fx0dAeOOdknNCaol9b45GXhtzfBnUZ
iooKWzmFJ7MKNrhmJkS5yxt3UaSekMooOC1eqW4MjGeYX/+rCcmCQxWd/pX09h5C
PG/FmRYwBbLkznoH3GJjzQlgcMSANy1gmYTCrgnNc7Lx2K96rkhwtWu6tw7Hek7n
6QPPfKU5vGh9c8P8QrcRRog3zPfTv5qf2DtgawhVVa2d+NVhQEfHPx8XY5yjp4Se
FU9exeQGnwaEKimiMqz5jJOz750+hOm1LRAEMNCJkE4cx4Zttjb4Geeo3UnFBID0
Dgj56DlIck5h8JTq8C/YJAd5XBEDvgWMuk9twOGu3E6VE+p5OxvtAgMBAAGjggJQ
MIICTDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFGwt3Rne5pTuz8eq0JDOtdpDj7TF
MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkw
RzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAC
hhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCAGA1UdEQQZMBeCFW93bmNsb3VkLXZp
ei5kZG5zLm5ldDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo
MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisG
AQQB1nkCBAIEgfUEgfIA8AB2ALc++yTfnE26dfI5xbpY9Gxd/ELPep81xJ4dCYEl
7bSZAAABh2Dt7l4AAAQDAEcwRQIgC+geyaPRaY2ZhA/KsCGhYBhgPwnGOdE4ZL0a
mfdOS2MCIQDe+e+ul/uwDhoTqTl/LqtFbK20ox8gi2EMhAG6+1Vs6wB2AK33vvp8
/xDIi509nB4+GGq0Zyldz7EMJMqFhjTr3IKKAAABh2Dt7oIAAAQDAEcwRQIhANap
TagRvwVYTnCauF6YgLcwrOC/N+w5uvunITrBA4Z9AiBeAZoDpkTSZgSUWFVasTsl
+tk3MNAZEmfB+9AuspzLYTANBgkqhkiG9w0BAQsFAAOCAQEAZnNJvWaZ48X16ncm
FaHju9VmH+T/vQ86+J7sQ8Ajfm8VPsdWqCRFvvGae2C3zExDz8j/Ztzwyo5uzXan
f7bHivr/eRoU7GLvi0/Hzd+iO0PShN0y1YZK+q02vJo9xyagUfdO+RtaEeGkhZEB
7p0WeAaWCwN8vlQ32l2LRhKCGPjyudK5buwpg17nKuTAFcFwoIEH0eKlrqwE8rWh
RVarbyTjN6YkKOPo9Csox18TI76u0Ri/Ztv1k0a3TwtVxKxgwd6kCE0REjRnbj36
0OUtAL7YgHEKmDfDO2phoKeIT9PlvmkVAFbiF3n8hgI8OTmpGrTZnfeJPUQ5oiFj
VhitXw==
-----END CERTIFICATE-----
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
---
Server certificate
subject=CN = owncloud-viz.ddns.net
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5100 bytes and written 403 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE

thank you everyone, it does look like the issue is resolved. Kudos to the team!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.