I see other questions with the same error but their answers/resolutions do not work or apply to me.
My setup:
- I have a server at home behind a router
- There is no firewall on the server and it is configured as DMZ on the router (all WAN traffic routes to the server on the LAN)
- I have the https://www.dynu.com account dingobaby.kozow.com.
- When/if I host a simple web server (python -m SimpleHTTPServer 80) then I can access it by going to http://dingobaby.kozow.com
I am trying to use certbot to create a Let's Encrypt certificate that I'll be using with exim. I am getting the error "Failed authorization procedure....Timeout during connect (likely firewall problem)"
But, before it exits with the error I can go to http://dingobaby.kozow.com and see the message "ACME client standalone challenge solver".
I am not sure why certbot fails if the URL is accessible?
root@host:/home/myaccount# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): dingobaby.kozow.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dingobaby.kozow.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dingobaby.kozow.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://dingobaby.kozow.com/.well-known/acme-challenge/HIsnwP90XZbvwdB0QepgtyAFt373AOaiJaaHMUEnMhY: Timeout during connect (likely firewall problem)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: dingobaby.kozow.com
Type: connection
Detail: Fetching
http://dingobaby.kozow.com/.well-known/acme-challenge/HIsnwP90XZbvwdB0QepgtyAFt373AOaiJaaHMUEnMhY:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
root@host:/home/myaccount#
(Note, I have disabled the port forwarding on the router so http://dingobaby.kozow.com won't work right now.)
Had a similar problem... turned out my ISP automatically blocks a number of inbound ports including port 80. Once unblocked all working :) – Corin Fletcher – 2019-06-19T03:35:47.910
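
An added diagnostic example, not part of the original post or of certbot: it splits the failure line from the output above into its fields and classifies a TCP connect to port 80 as open, refused or timed out, which separates a dropped port (as in the ISP block described in the comment) from a port with nothing listening. The function names and the `diagnose` hints are hypothetical, the pattern assumes the line format shown in the question, and the probe is only meaningful when run from outside the LAN while certbot is waiting for verification.

```python
import re
import socket
import sys

# Failure line copied from the certbot output in the question.
SAMPLE = ("Failed authorization procedure. dingobaby.kozow.com (http-01): "
          "urn:ietf:params:acme:error:connection :: The server could not connect "
          "to the client to verify the domain :: Fetching "
          "http://dingobaby.kozow.com/.well-known/acme-challenge/"
          "HIsnwP90XZbvwdB0QepgtyAFt373AOaiJaaHMUEnMhY: "
          "Timeout during connect (likely firewall problem)")

FAILURE_RE = re.compile(
    r"Failed authorization procedure\. (?P<domain>\S+) \((?P<challenge>[\w-]+)\): "
    r"urn:ietf:params:acme:error:(?P<error>\w+) :: .*? :: "
    r"Fetching (?P<url>\S+?): (?P<detail>.+)$")

def parse_failure(line):
    """Split the failure line into domain, challenge, error, url, detail."""
    m = FAILURE_RE.search(line.strip())
    return m.groupdict() if m else None

def probe_tcp(host, port=80, timeout=5.0):
    """'open', 'refused' (a reset came back) or 'timeout' (no reply at all)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError as exc:
        return "error: %s" % exc

def diagnose(failure, probe):
    """Hypothetical helper: pair the CA's error with an outside-the-LAN probe."""
    if failure is None or failure["error"] != "connection":
        return "not a connection-type failure; read the Detail text instead"
    if probe == "timeout":
        return "port dropped before reaching the host: ISP block, router or firewall"
    if probe == "refused":
        return "path is open, but nothing was listening when probed"
    if probe == "open":
        return "reachable from this vantage point; the CA's path may still differ"
    return probe

if __name__ == "__main__":
    # Pass your own public hostname; defaults to loopback so it runs offline.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(host, "->", diagnose(parse_failure(SAMPLE), probe_tcp(host, 80)))
```
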