"Timeout during connect" when obtaining certificates (ISP block maybe?)

1. The problem I’m having:

Caddy used to run fine until suddenly it did not. I did not touch anything, really. Not from the server, not from my router configuration. I figured out Caddy is now suddenly unable to get certificates from issuers.

After this happened I purged Caddy and reinstalled it. In the process, I deleted the contents of /var/lib/caddy, because I wanted to delete the certificate cache.

Now the problem is the same as before deleting that folder and reinstalling Caddy.

If I do an nmap 80,443, both ports show filtered, but I’ve tried disabling my router’s Firewall and it’s the same.

EDIT: I also added “admin” to my Caddyfile (see below) because it said port 2019 was already being used.

EDIT2: doing a “curl -v” to any of my domains, leads to a timeout (both http and https) - could it be that my ISP is suddenly blocking something? How would I go about checking that and fixing it given the case?

2. Error messages and/or full log output:

sep 23 12:59:10 afir-server caddy[14163]: {"level":"error","ts":1695466750.1335347,"logger":"tls.obtain","msg":"will retry","error":"[afirplay.ddns.net] Obtain: [afirplay.ddns.net] solving challenge: afirplay.ddns.net: [afirplay.ddns.net] authorization failed: HTTP 0  -  (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":769.400081908,"max_duration":2592000}
sep 23 13:08:54 afir-server caddy[14163]: {"level":"info","ts":1695467334.1165738,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"afirplay-movies.ddns.net"}
sep 23 13:08:55 afir-server caddy[14163]: {"level":"info","ts":1695467335.1157572,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"afirplay-movies.ddns.net","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
sep 23 13:09:05 afir-server caddy[14163]: {"level":"error","ts":1695467345.8316135,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"afirplay-movies.ddns.net","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":" Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
sep 23 13:09:05 afir-server caddy[14163]: {"level":"error","ts":1695467345.8316858,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"afirplay-movies.ddns.net","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":" Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/119461654/11119947834","attempt":1,"max_attempts":3}
sep 23 13:09:07 afir-server caddy[14163]: {"level":"info","ts":1695467347.0013647,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"afirplay-tv.ddns.net"}
sep 23 13:09:07 afir-server caddy[14163]: {"level":"info","ts":1695467347.2408235,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"afirplay-movies.ddns.net","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
sep 23 13:09:07 afir-server caddy[14163]: {"level":"info","ts":1695467347.5946667,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"afirplay-tv.ddns.net","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
sep 23 13:09:10 afir-server caddy[14163]: {"level":"info","ts":1695467350.1344507,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"afirplay.ddns.net"}
sep 23 13:09:10 afir-server caddy[14163]: {"level":"info","ts":1695467350.7265687,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"afirplay.ddns.net","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}

3. Caddy version:

v2.7.4 h1:J8nisjdOxnYHXlorUKXY75Gr6iBfudfoGhrJ8t7/flI=

4. How I installed and ran Caddy:

I installed it doing:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

I edited the Caddyfile and reloaded through

sudo service caddy reload

a. System environment:

Ubuntu 22.04.1 LTS

b. Command:

I have no idea what you want here.

c. Service/unit/compose file:

d. My complete Caddy config:

        email rogermacaya@gmail.com
# The Caddyfile is an easy way to configure your Caddy web server.
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
:80 {
        # Set this path to your site's directory.
        root * /usr/share/caddy

        # Enable the static file server.

        # Another common task is to set up a reverse proxy:
        # reverse_proxy localhost:8080

        # Or serve a PHP site through php-fpm:
        # php_fastcgi localhost:9000

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
afirplay.ddns.net {
        handle_path /tv* {

        handle /movies* {

        handle {
                reverse_proxy localhost:8096
afirplay-movies.ddns.net {
        reverse_proxy localhost:7878
afirplay-tv.ddns.net {
        reverse_proxy localhost:8989

5. Links to relevant resources:

Solved! It was a very weird thing with my router where the ports would appear as forwarded in its GUI, but they were actually not. The fix was to delete the port forwarding in the router page and create it again.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.