Web server not accessible from Let's Debug but I can access it

My domain is: saturn.arosser.com. A Watchguard firewall maps the address 71.162.154.60 to 192.168.0.108.

certbot --nginx or any other option fails saying it cannot connect to my server on port 80.
I am able to connect over the Internet to the server on port 80 and even created directory ".well-known/acme-challenge" and was able to access a file I placed here over the internet. My firewall is set correctly (I am able to run certbot for another machine behind the same firewall - mars.arosser.com), but I don't see any connection attempts to 71.162.154.60 during operation by certbot.

I ran letsdebug.net -

Test result for saturn.arosser.com using http-01
ANotWorking
Error
saturn.arosser.com has an A (IPv4) record (71.162.154.60) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with saturn.arosser.com/71.162.154.60: Get "http://saturn.arosser.com/.well-known/acme-challenge/letsdebug-test": dial tcp 71.162.154.60:80: i/o timeout

Trace:
@0ms: Making a request to http://saturn.arosser.com/.well-known/acme-challenge/letsdebug-test (using initial IP 71.162.154.60)
@0ms: Dialing 71.162.154.60
@10000ms: Experienced error: dial tcp 71.162.154.60:80: i/o timeout
IssueFromLetsEncrypt
Error
A test authorization for saturn.arosser.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
Fetching http://saturn.arosser.com/.well-known/acme-challenge/Yr4IjX5hvhFHnITNdI0eaSxnt6Xk5S9s0yMWQp5akRY: Timeout during connect (likely firewall problem)
HTTPCheck
Debug
Requests made to the domain
Request to: saturn.arosser.com/71.162.154.60, Result: [Address=71.162.154.60,Address Type=IPv4,Server=,HTTP Status=0], Issue: ANotWorking
Trace:
@0ms: Making a request to http://saturn.arosser.com/.well-known/acme-challenge/letsdebug-test (using initial IP 71.162.154.60)
@0ms: Dialing 71.162.154.60
@10000ms: Experienced error: dial tcp 71.162.154.60:80: i/o timeout

HTTPRecords
Debug
A and AAAA records found for this domain
saturn.arosser.com. 0 IN A 71.162.154.60

Again, I don't see any connection attempts at the firewall during the Let's Debug run.

My web server is (include version): nginx on Fedora 33. Currently only port 80 is open as I was hoping certbot --nginx would set up HTTPS.

I can login to a root shell on my machine (yes or no, or I don't know): yes

Obviously I'm missing something, any pointers would be appreciated.

Hi @andyrosser,

Did you test this from a distant place on the Internet, not from your local network? I also see the same thing that Let's Debug did when I test (connecting to mars at 71.162.154.59 succeeds, while connecting to saturn at 71.162.154.60 just times out; the reachability of the two is not the same).

I did try over LTE, but otherwise don't have a way to access from another location.
Thank you, I know where to look.

You must ensure that requests to port 80 are allowed through the firewall.
Or you would have to switch from the HTTP authentication method to DNS authentication.

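Added example, not part of the original posts: a probe to run from a host outside the local network that separates the connect timeout Let's Debug reported from a refused connection or a working HTTP response. The function name `probe_http01` and its result fields are assumptions of this example; the challenge path is the one shown in the Let's Debug trace.

```python
import http.client
import socket
import sys

# Path Let's Debug requested in the trace quoted in the thread.
CHALLENGE_PATH = "/.well-known/acme-challenge/letsdebug-test"


def probe_http01(ip, host, port=80, timeout=10.0, path=CHALLENGE_PATH):
    """Classify how an HTTP-01 validation target answers from this vantage point."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        try:
            conn.connect()
        except (socket.timeout, TimeoutError):
            # No SYN-ACK and no RST: packets are dropped on the way,
            # typically by a firewall or a NAT rule that does not match.
            return {"state": "timeout", "hint": "check firewall/NAT mapping for this IP"}
        except ConnectionRefusedError:
            # A RST came back: the address is reachable, nothing listens on the port.
            return {"state": "refused", "hint": "host reachable, web server not listening"}
        except OSError as exc:
            return {"state": "unreachable", "hint": str(exc)}
        try:
            # Connect to the IP but send the real Host header, as a validator would.
            conn.request("GET", path, headers={"Host": host})
            resp = conn.getresponse()
            resp.read()
        except (OSError, http.client.HTTPException) as exc:
            return {"state": "open-no-http", "hint": str(exc)}
        return {"state": "open", "status": resp.status,
                "server": resp.getheader("Server", "")}
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: python probe.py <public-ip> <hostname> [<public-ip> <hostname> ...]
    args = sys.argv[1:]
    for ip, host in zip(args[0::2], args[1::2]):
        print(host, ip, probe_http01(ip, host))
```

Running it against both hosts behind the same firewall shows whether they differ at the TCP level (timeout versus open) before any web server configuration is involved.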