letsencrypt timeout during connect

johnz1 · Oct 11th 2019

I'm at my end with letsencrypt. I really want this to work, but just can't get it to connect ("Timeout during connect (likely firewall problem)"), and I don't know what else I can do. I'd really appreciate any help.

Here's the configuration:

- The domain name (johnzilliox.com) is registered with Namecheap.com. The A record is assigned to my IP address.
- The router has port forwarding configured for 80 and 443 to the OMV server.
- When I change the OMV web UI to port 80 or 443, it's externally accessible at johnzilliox.com:80 and johnzilliox.com:443
- Because of the problem with selecting a network, I'm creating the container from CLI:
TDL Let's Encrypt tutorial --network error
I can't use personal network on webGUI (--network my-net)
- Here are the commands I'm using to create the container:

Code

docker network create letsencrypt


docker create \
  --name=letsencrypt \
  --cap-add=NET_ADMIN \
  --network=letsencrypt \
  -e PUID=1000 \
  -e PGID=100 \
  -e TZ=America/New_York \
  -e URL=johnzilliox.com \
  -e VALIDATION=http \
  -e EMAIL=admin@johnzilliox.com \
  -e ONLY_SUBDOMAINS=false \
  -p 443:443 \
  -p 80:80 \
  -v /sharedfolders/containers/Let\'s\ Encrypt:/config \
  --restart always \
  linuxserver/letsencrypt


docker start letsencrypt


docker logs -f letsencrypt

Display More

- Here's the output from the log:

Code

DH parameters successfully created - 2048 bits
No subdomains defined
E-mail address entered: admin@johnzilliox.com
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for johnzilliox.com
Waiting for verification...
Challenge failed for domain johnzilliox.com
http-01 challenge for johnzilliox.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:


   Domain: johnzilliox.com
   Type:   connection
   Detail: Fetching
   http://johnzilliox.com/.well-known/acme-challenge/xxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxx:
   Timeout during connect (likely firewall problem)


   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the contai ner

Display More

To me, the fact that I can reach OMV when its on 80 and 443 means that it shouldn't be a communication issue between letsencrypt and the server. Again, I'd really appreciate any kind of help here. Thanks

Morlan · Oct 11th 2019

The only thing in the config which I'm not sure about is the config folder of your container. Maybe try a foldername without a space or '. Maybe just letsencrpt. Some people also said they had problem with using the sharedfolder-path and recommend using the /srv/dev-disk-by-label-diskname/.

To further troubleshoot you could try out another dns-service (e.g. duckdns) to narrow down if its some problem with your dns service.

johnz1 · Oct 11th 2019

Quote from Morlan

The only thing in the config which I'm not sure about is the config folder of your container. Maybe try a foldername without a space or '. Maybe just letsencrpt. Some people also said they had problem with using the sharedfolder-path and recommend using the /srv/dev-disk-by-label-diskname/.

Good idea, but that didn't change anything. I changed the data directory path to '/srv/dev-disk-by-label-SSD03/containers/letsencrypt'. Even when it was "Let\'s\ Encrypt", the app was able to write to the directory. It was worth a shot though, thanks.

I believe I'm using the default ISP DNS (RCN). I'll try changing that next - don't have any other ideas of what could be the issue.

johnz1 · Oct 25th 2019

I switched my router to OpenVPN, but still getting the same error. Is there anything else I should try, or is there an alternate method? Thanks

Morlan · Oct 26th 2019

What router model are you using? Which ports does the omv gui use?
Also you could try using the more up to date guide by macom (https://forum.openmediavault.o…g-OMV-and-docker-compose/) the advantage is that it's easier to change the parameters.
If you are still stuck you could ask the Linuxserver guys on their discord channel. They are really friendly.

johnz1 · Oct 26th 2019

ASUS RT-N66U for the router.
OMV webui is on port 888.

I'll try macom's guide - thank you

johnz1 · Oct 29th 2019

Tried the docker-compose method, but it failed in the same manner. I suppose I'll try the linuxserver guys

Morlan · Oct 30th 2019

Then it seems to be a problem related to your dns configuration or port forwardings.

Participate now!