My domain is: saturn.arosser.com. A WatchGuard firewall maps the address 71.162.154.60 to 192.168.0.108.
certbot --nginx or any other option fails, saying it cannot connect to my server on port 80.
I am able to connect over the Internet to the server on port 80, and I even created the directory ".well-known/acme-challenge" and was able to access a file I placed there over the Internet. My firewall is set correctly (I am able to run certbot for another machine behind the same firewall, mars.arosser.com), but I don't see any connection attempts to 71.162.154.60 during operation by certbot.
I ran letsdebug.net:
Test result for saturn.arosser.com using http-01
ANotWorking
Error
saturn.arosser.com has an A (IPv4) record (71.162.154.60) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with saturn.arosser.com/71.162.154.60: Get "http://saturn.arosser.com/.well-known/acme-challenge/letsdebug-test": dial tcp 71.162.154.60:80: i/o timeout
Trace:
@0ms: Making a request to http://saturn.arosser.com/.well-known/acme-challenge/letsdebug-test (using initial IP 71.162.154.60)
@0ms: Dialing 71.162.154.60
@10000ms: Experienced error: dial tcp 71.162.154.60:80: i/o timeout
IssueFromLetsEncrypt
Error
A test authorization for saturn.arosser.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
Fetching http://saturn.arosser.com/.well-known/acme-challenge/Yr4IjX5hvhFHnITNdI0eaSxnt6Xk5S9s0yMWQp5akRY: Timeout during connect (likely firewall problem)
HTTPCheck
Debug
Requests made to the domain
Request to: saturn.arosser.com/71.162.154.60, Result: [Address=71.162.154.60,Address Type=IPv4,Server=,HTTP Status=0], Issue: ANotWorking
Trace:
@0ms: Making a request to http://saturn.arosser.com/.well-known/acme-challenge/letsdebug-test (using initial IP 71.162.154.60)
@0ms: Dialing 71.162.154.60
@10000ms: Experienced error: dial tcp 71.162.154.60:80: i/o timeout
HTTPRecords
Debug
A and AAAA records found for this domain
saturn.arosser.com. 0 IN A 71.162.154.60
Again, I don't see any connection attempts at the firewall during the Let's Debug run.
My web server is (include version): nginx on Fedora 33. Currently only port 80 is open, as I was hoping certbot --nginx would set up HTTPS.
I can login to a root shell on my machine (yes or no, or I don't know): yes
Obviously I'm missing something, any pointers would be appreciated.