An unexpected error occurred

My domain is:

I ran this command: certbot certonly --webroot

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes):

Hi, I got this message:
An unexpected error occurred:
HTTPSConnectionPool(host='', port=443):
Max retries exceeded with url: /directory (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x048C6B20>:
Failed to establish a new connection: [WinError 10060]

Using Let's Debug yields these results

Error has an A (IPv4) record ( but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with Get "": context deadline exceeded

@0ms: Making a request to (using initial IP
@0ms: Dialing
@10000ms: Experienced error: context deadline exceeded 
A test authorization for to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued. Fetching Timeout during connect (likely firewall problem) 

The HTTP-01 challenge (Challenge Types - Let's Encrypt) requires port 80 to be open.
Best Practice - Keep Port 80 Open


What version of Windows are you running?

That looks like you can't make a connection from your Windows system to the Let's Encrypt servers.

Are you able to make connections to other domain names - like google?


And nmap -Pn is showing no open ports, at least for IPv4 addresses.

$ nmap -Pn
Starting Nmap 7.80 ( ) at 2023-03-23 16:52 UTC
Nmap scan report for (
Host is up.
rDNS record for
All 1000 scanned ports on ( are filtered

Nmap done: 1 IP address (1 host up) scanned in 202.07 seconds

From the Help topic of the OP, "Problem certbot on win 11"; looks like Windows 11.
(even has the same IPv4 Address)


Maybe your ISP has started blocking your port 80 [again].


In that case, what does this show?



That wouldn't affect outgoing HTTPS connections.


So true.
Not sure what I was looking at...


Hi all,
I did a check-up with the ShieldsUP port checker.
And yes, indeed, it is my ISP.
Indeed, it blocked the ports again.
Very annoying because it's the only one in my neighborhood with fast internet.
And they can remotely adjust my modem whenever they want.
Their help desk doesn't answer, or even give a reason why.
So I can only hope that another provider will soon install their fiber optic cable network.
Thanks for the quick responses.


Maybe their modem can be set to "bridge mode".
If so, maybe then you can use your own router to NAT/Port Forward.
[without them blocking you - maybe]

Yes, I said "maybe" three times on purpose.
It is a big "maybe", but worth trying [or, at least, asking your ISP about that solution/workaround].
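
The two failures quoted in this thread point in opposite directions: the certbot error is the client failing to reach the ACME directory on port 443, while the Let's Debug and nmap results are outside hosts failing to reach the domain. The following is an added example, not part of any post above, that sorts pasted tool output by direction; the sample strings are constructed, and the host names and address in them are placeholders.

```python
import re

# (direction, cause, pattern) rules modelled on the messages quoted in this thread.
RULES = [
    # certbot, client side: urllib3 could not open a socket to the ACME server.
    ("outbound", "client cannot reach the ACME directory",
     re.compile(r"HTTPSConnectionPool\(host='[^']*', port=443\).*?/directory", re.S)),
    # Validation result: the CA could not connect to the domain.
    ("inbound", "CA cannot reach the domain for HTTP-01",
     re.compile(r"Timeout during connect \(likely firewall problem\)")),
    # nmap run from outside: probes got no usable answer.
    ("inbound", "port probes filtered (firewall, router or ISP)",
     re.compile(r"All \d+ scanned ports on .* are filtered")),
]

# Winsock error codes that can appear in certbot output on Windows.
WINERROR = {"10060": "connection attempt timed out",
            "10061": "connection actively refused"}

def triage(text):
    """Return sorted (direction, cause, detail) findings for pasted tool output."""
    findings = set()
    for direction, cause, pattern in RULES:
        match = pattern.search(text)
        if not match:
            continue
        detail = ""
        if direction == "outbound":
            code = re.search(r"\[WinError (\d+)\]", text[match.start():])
            if code:
                detail = WINERROR.get(code.group(1), "WinError " + code.group(1))
        findings.add((direction, cause, detail))
    return sorted(findings)

def directions(text):
    """Set of traffic directions that show a failure in the pasted output."""
    return {direction for direction, _, _ in triage(text)}

# Constructed samples; acme.example, example.com and 203.0.113.10 are placeholders.
CERTBOT_SAMPLE = """An unexpected error occurred:
HTTPSConnectionPool(host='acme.example', port=443):
Max retries exceeded with url: /directory (Caused by NewConnectionError(...
Failed to establish a new connection: [WinError 10060]"""
NMAP_SAMPLE = "All 1000 scanned ports on example.com (203.0.113.10) are filtered"

if __name__ == "__main__":
    for finding in triage(CERTBOT_SAMPLE + "\n" + NMAP_SAMPLE):
        print(finding)
```

An inbound finding has to come from a tool run outside the network, as with Let's Debug and the external nmap scan here; an outbound finding can only be seen from the machine running certbot.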

