Unable to connect to to client

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: francoisvalscaleway.ddns.net

I ran this command: certbot renew

It produced this output:

FailedChallenges: Failed authorization procedure. francoisvalscaleway.ddns.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://francoisvalscaleway.ddns.net/.well-known/acme-challenge/asNWGJLrMaBD5uHgrRBpk7GDPnbFk1TzR7Gka0zxLfM: Timeout during connect (likely firewall problem)

My web server is (include version): apache 2.4.29

The operating system my web server runs on is (include version): ubuntu bionic

My hosting provider, if applicable, is: scaleway

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

Can somebody helps on this problem ? Ports 80 and 443 are opened in iptables, I find this in the debug log:

{
“identifier”: {
“type”: “dns”,
“value”: “francoisvalscaleway.ddns.net”
},
“status”: “invalid”,
“expires”: “2020-04-16T11:01:07Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:connection”,
“detail”: “Fetching http://francoisvalscaleway.ddns.net/.well-known/acme-challenge/asNWGJLrMaBD5uHgrRBpk7GDPnbFk1TzR7Gka0zxLfM: Timeout during connect (likely firewall problem)”,
“status”: 400
},
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/3855556769/zo0e1w”,
“token”: “asNWGJLrMaBD5uHgrRBpk7GDPnbFk1TzR7Gka0zxLfM”,
“validationRecord”: [
{
“url”: “http://francoisvalscaleway.ddns.net/.well-known/acme-challenge/asNWGJLrMaBD5uHgrRBpk7GDPnbFk1TzR7Gka0zxLfM”,
“hostname”: “francoisvalscaleway.ddns.net”,
“port”: “80”,
“addressesResolved”: [
“51.158.79.57”
],
“addressUsed”: “51.158.79.57”
}
]
}
]
}
2020-04-09 13:01:25,244:DEBUG:acme.client:Storing nonce: 01018alq7jWls0cSsCmfgpxcZFKY3NjLf6vl7Qlfo-_fmeQ
2020-04-09 13:01:25,245:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: francoisvalscaleway.ddns.net
Type: connection
Detail: Fetching http://francoisvalscaleway.ddns.net/.well-known/acme-challenge/asNWGJLrMaBD5uHgrRBpk7GDPnbFk1TzR7Gka0zxLfM: Timeout during connect (likely firewall problem)

Hi @FrancoisVal

checking your domain via https://check-your-website.server-daten.de/?q=francoisvalscaleway.ddns.net - that works:

Port 80 answers.

So if you see that error message, looks like a regional firewall that blocks some ip addresses used by Letsencrypt.

It was indeed some kind of regional firewall. I am using ipset available on https://www.ipdeny.com/, and the adresses used by letsencrypt are included in the file for the US. I disabled the iptables rule based on that set and my certificates could be renewed.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.