diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py
index 49de9499..ccd1a810 100644
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@@ -37,6 +37,8 @@ import glob
 
 from OpenSSL import crypto
 from datetime import datetime
+from requests.exceptions import Timeout
+
 from yunohost.vendor.acme_tiny.acme_tiny import get_crt as sign_certificate
 
 from moulinette.core import MoulinetteError
@@ -567,7 +569,11 @@ def _fetch_and_enable_new_certificate(domain, staging=False):
         raise MoulinetteError(errno.EINVAL, m18n.n(
             'certmanager_cert_signing_failed'))
 
-    intermediate_certificate = requests.get(INTERMEDIATE_CERTIFICATE_URL).text
+    try:
+        intermediate_certificate = requests.get(INTERMEDIATE_CERTIFICATE_URL, timeout=30).text
+    except Timeout:
+        # XXX what should we do here? retry?
+        pass
 
     # Now save the key and signed certificate
     logger.info("Saving the key and signed certificate...")
@@ -837,7 +843,10 @@ def _dns_ip_match_public_ip(public_ip, domain):
 
 def _domain_is_accessible_through_HTTP(ip, domain):
     try:
-        requests.head("http://" + ip, headers={"Host": domain})
+        requests.head("http://" + ip, headers={"Host": domain}, timeout=30)
+    except Timeout as e:
+        # XXX what should we do here? retry?
+        pass
     except Exception as e:
         logger.debug("Couldn't reach domain '%s' by requesting this ip '%s' because: %s" % (domain, ip, e))
         return False