Hello
I’m trying to perform an http validation and am receiving a “Timeout during connect (likely firewall problem)” error. Here’s the configuration:
- OS: OpenMediaVault 4.1 (OMV)
- Router: ASUS RT-N66U using OpenVPN for DNS service
- The container is being pulled from “linuxserver/letsencrypt:latest”
- Domain name (johnzilliox.com) purchased and managed through namecheap.com
- The A record is assigned to my IP address, and the A record has been tested with dnschecker.org
- The router has port forwarding configured for 80 and 443 to the server.
- When I change the OMV web UI to port 80 or 443, it’s externally accessible at johnzilliox.com:80 and johnzilliox.com:443
Here are the commands I’m using to create and start the container:
docker stop letsencrypt
docker container rm letsencrypt
docker network rm letsencrypt
rm -rf /sharedfolders/containers/letsencrypt/*
docker network create letsencrypt
docker create \
--name=letsencrypt \
--cap-add=NET_ADMIN \
--network=letsencrypt \
-e PUID=1000 \
-e PGID=100 \
-e TZ=America/New_York \
-e URL=johnzilliox.com \
-e VALIDATION=http \
-e EMAIL=admin@johnzilliox.com \
-e ONLY_SUBDOMAINS=false \
-p 443:443 \
-p 80:80 \
-v /sharedfolders/containers/letsencrypt:/config \
--restart always \
linuxserver/letsencrypt
docker start letsencrypt
docker logs -f letsencrypt
Here’s what the log looks like:
Summary
[s6-init] making user provided files available at /var/run/s6/etc…exited 0.
[s6-init] ensuring user provided files have correct perms…exited 0.
[fix-attrs.d] applying ownership & permissions fixes…
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts…
[cont-init.d] 01-envfile: executing…
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing…
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
GID/UID
User uid: 1000
User gid: 100
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing…
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing…
generating self-signed keys in /config/keys, you can replace these with your own keys if required
Generating a RSA private key
…+++++
…+++++
writing new private key to ‘/config/keys/cert.key’
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing…
Variables set:
PUID=1000
PGID=100
TZ=America/New_York
URL=johnzilliox.com
SUBDOMAINS=
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=admin@johnzilliox.com
STAGING=
Created donoteditthisfile.conf
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…+…++++++++
DH parameters successfully created - 2048 bits
No subdomains defined
E-mail address entered: admin@johnzilliox.com
http validation is selected
Generating new certificate
/usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: “is” with a literal. Did you mean “==”?
if x is 0 or x is 1:
/usr/lib/python3.8/site-packages/jmespath/visitor.py:32: SyntaxWarning: “is” with a literal. Did you mean “==”?
if x is 0 or x is 1:
/usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: “is” with a literal. Did you mean “==”?
elif y is 0 or y is 1:
/usr/lib/python3.8/site-packages/jmespath/visitor.py:34: SyntaxWarning: “is” with a literal. Did you mean “==”?
elif y is 0 or y is 1:
/usr/lib/python3.8/site-packages/jmespath/visitor.py:260: SyntaxWarning: “is” with a literal. Did you mean “==”?
if original_result is 0:
/usr/lib/python3.8/site-packages/digitalocean/LoadBalancer.py:19: SyntaxWarning: “is” with a literal. Did you mean “==”?
if type is ‘cookies’:
/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py:65: SyntaxWarning: “is” with a literal. Did you mean “==”?
if self.email is ‘’ or self.token is ‘’:
/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py:65: SyntaxWarning: “is” with a literal. Did you mean “==”?
if self.email is ‘’ or self.token is ‘’:
/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py:89: SyntaxWarning: “is” with a literal. Did you mean “==”?
if self.email is ‘’ or self.token is ‘’:
/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py:89: SyntaxWarning: “is” with a literal. Did you mean “==”?
if self.email is ‘’ or self.token is ‘’:
/usr/lib/python3.8/site-packages/CloudFlare/cloudflare.py:113: SyntaxWarning: “is” with a literal. Did you mean “==”?
if self.certtoken is ‘’ or self.certtoken is None:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for johnzilliox.com
Waiting for verification…
Challenge failed for domain johnzilliox.com
http-01 challenge for johnzilliox.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: johnzilliox.com
Type: connection
Detail: Fetching
http://johnzilliox.com/.well-known/acme-challenge/IkP86S5nViIBXuihIvPVPPWXJZfAx2AUO8CktrHYkh8:
Timeout during connect (likely firewall problem)To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided. -
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
To me, the fact that I can reach the OMV web UI when it’s on 80 and 443 means that it shouldn’t be a communication issue between letsencrypt and the server. I’d really appreciate any kind of help here. Thanks!