Acme: error: 400 using bitnami and lego for tls-alpn-01

I am not sure why LetsEncrypt can't create a SSL certificate for this domain. I have run through the same steps multiple times in AWS and also Google Cloud without ever having an issue.

My domain is:

I ran this command: sudo /opt/bitnami/letsencrypt/lego --tls --email="" --domains="" --path="/opt/bitnami/letsencrypt" run;

It produced this output:

2022/12/29 23:30:40 No key found for account Generating a P256 key.
2022/12/29 23:30:40 Saved key to /opt/bitnami/letsencrypt/accounts/
2022/12/29 23:30:44 Please review the TOS at
Do you accept the TOS? Y/n
2022/12/29 23:30:54 [INFO] acme: Registering account for
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/opt/bitnami/letsencrypt/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2022/12/29 23:30:55 [INFO] [] acme: Obtaining bundled SAN certificate
2022/12/29 23:30:55 [INFO] [] AuthURL:
2022/12/29 23:30:55 [INFO] [] acme: use tls-alpn-01 solver
2022/12/29 23:30:55 [INFO] [] acme: Trying to solve TLS-ALPN-01
2022/12/29 23:30:59 [INFO] Deactivating auth:
2022/12/29 23:30:59 Could not obtain certificates:
        error: one or more domains had a problem:
[] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data

My web server is (include version): nginx/1.23.2

The operating system my web server runs on is (include version): linux 5.10.0-19-cloud-amd64

My hosting provider, if applicable, is: Google Cloud

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): not using Certbot

Hi @Dusza, and welcome to the LE community forum :slight_smile:

I see from the cert issued history that you have not been able to automate the renewals.
I see from the "account registration" [in your output above] that you are now using something other than what had obtained the previous certs OR this is a new server with that same name.
I also see "Bitnami" and, in this forum, that has always been a red flag [when not following their instructions].
So... Step #1: Have you read through those instructions?:
Using Bitnami? Please see Bitnami's documentation! - Help - Let's Encrypt Community Support (


Hi @rg305 and thank you for replying. This domain used to be hosted in AWS and now is hosted in Google Cloud. In both environments, a Bitnami marketplace image was used to setup Nginx. The online documentation is what has been followed too. On a personal Google Cloud account I've been able to install LetsEncrypt SSL without any problems for other domains, using the same exact steps however for this domain, it's a corporate Google Cloud account where the firewall has been opened to ports 80, 443 and only allowing * when generating the certificate.

I believe this is a config issue with the corporate Google Cloud environment but I don't know how to troubleshoot with the errors LetsEncrypt has provided. I would need more information to relay to the IT department.

1 Like

These entries seem relevant:

Unfortunately, I don't know much about the lego client [and how to troubleshoot it].
That said, some very basic connection tests return rather unusual responses:

curl -Ii
HTTP/1.1 502 Bad Gateway
Transfer-Encoding: chunked
Date: Fri, 30 Dec 2022 01:31:38 GMT

curl -Ii
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to

Yeah, no, that's not going to work. The remote validations can come from any arbitrary IP address from anywhere in the world and are not necessarily related to the domain.


We are investigating our load balancer within Google Cloud based on eliminating firewall rules.

We decided to let Google Cloud manage the SSL since we had the site behind a load balancer.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.