An unexpected error occurred: The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:sudo certbot certonly --standalone --preferred-challenges http -d

It produced this output:Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hello @Achref, welcome to the Let's Encrypt community. :slightly_smiling_face:

Using the online tool Let's Debug with the HTTP-01 challenge of the Challenge Types - Let's Encrypt yields these results

Error has an A (IPv4) record ( but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with Get "": dial tcp i/o timeout

@0ms: Making a request to (using initial IP
@0ms: Dialing
@10000ms: Experienced error: dial tcp i/o timeout 
A test authorization for to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued. Fetching Timeout during connect (likely firewall problem) 
1 Like

Also, it seems your thread title does not correspond with the thread contents, as clearly different errors are presented. How does the policy error relate to the hostname you've mentioned in the thread?


Using this online tool Open Port Check Tool - Test Port Forwarding on Your Router it seem all the Ports are Closed.

And nmap -Pn seems to confirm this.

$ nmap -Pn
Starting Nmap 7.80 ( ) at 2023-04-26 16:34 UTC
Nmap scan report for (
Host is up.
All 1000 scanned ports on ( are filtered

Nmap done: 1 IP address (1 host up) scanned in 202.17 seconds
1 Like

Most of the questions were left unanswered :frowning:
Is there something bound to port 80?


Apart from the port issue mentioned above, I guess you simply copied the command from user guide and included literally as domain name without any modification, as indicated by the error message in the subject.

The "" domain should not be copied as-is. This should be replaced with your actual domain. in this case, it should be


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.