CA failed to verify temporary apache configuration made by certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot --apache

It produced this output:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Type: connection
Detail: Fetching Error getting validation data
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.

My web server is (include version):

The operating system my web server runs on is (include version): Rocky Linux 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 2.5.0

Welcome @ishan.abhinit

Your domain cannot be reached using HTTP from the public internet. Use the Let's Debug test site to test your domain. Once that is working try getting a cert again. To me, it looks like only port 22 is open and port 80 is blocked by a firewall or some other network config problem.


The attempt to connect to HTTP on Port 80 is successful, but is being redirected to HTTPS on Port 443 (which in itself is not an issue) and that URL is failing.

$ curl -Ii
HTTP/1.1 301 Moved Permanently
Date: Thu, 27 Apr 2023 15:24:00 GMT
Server: Apache/2.4.53 (Rocky Linux) OpenSSL/3.0.1
Content-Type: text/html; charset=iso-8859-1

The redirected URL is FAILING (i.e. HTTPS on Port 443).

$ curl -Ii
curl: (7) Failed to connect to port 443 after 100 ms: No route to host

Port 80 is Open (good), Port 443 is closed (not good due to the redirect to it).

For those who like visual representation using Open Port Check Tool - Test Port Forwarding on Your Router

And for those who like textual representation using nmap -Pn

$ nmap -Pn
Starting Nmap 7.80 ( ) at 2023-04-27 15:28 UTC
Nmap scan report for (
Host is up (0.67s latency).
rDNS record for
Not shown: 997 filtered ports
80/tcp   open   http

Nmap done: 1 IP address (1 host up) scanned in 73.70 seconds

Thanks for your help, it worked. But when I run, I get
"This site cannot provide a secure connection".
5601 is where I have Kibana running. What am I doing wrong?

You are serving HTTP not HTTPS on that Port.

Testing HTTPS

$ curl -k -Ii
curl: (35) error:0A00010B:SSL routines::wrong version number

Testing HTTP

$ curl -k -Ii
HTTP/1.1 302 Found
location: /spaces/enter
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
cross-origin-opener-policy: same-origin
content-security-policy: script-src 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
kbn-name: loganalysisclass-2023.novalocal
kbn-license-sig: 436a8cc5f17370751860538a8c4aeec28ab676bf97f389bbc4e083cbfe9ce9e9
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
Date: Thu, 27 Apr 2023 16:40:35 GMT
Connection: keep-alive
Keep-Alive: timeout=120

How do I correct this?

Details on Apache can be found in the documentation and forums:

And kindly wait to see if there are more knowledgeable Let's Encrypt community volunteers willing to assist.


What is Kibana?

Is it this?


If so, we are not the support channel for that :frowning:


Check these for forum support


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
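
The two conditions diagnosed in this thread (a port that refuses connections, and a port that answers plain HTTP where the client expected HTTPS) can be told apart with one probe. The following is an added example, not part of the original thread; `probe` and `start_plain_http` are hypothetical helper names, and the local listener is a constructed stand-in for an HTTP-only application.

```python
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def probe(host, port, timeout=2.0):
    """Classify a TCP port as 'closed', 'tls', 'plain-http' or 'unknown'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or no route (curl error 7)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # like curl -k: test the protocol, not the cert
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"  # handshake completed, so the port speaks HTTPS/TLS
    except OSError:
        # ssl.SSLError (e.g. "wrong version number", curl error 35) or a timeout
        raw.close()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            req = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            s.sendall(req.encode())
            return "plain-http" if s.recv(16).startswith(b"HTTP/") else "unknown"
    except OSError:
        return "unknown"


class _Redirect(BaseHTTPRequestHandler):
    """Constructed HTTP-only responder that answers HEAD with a 302."""

    def do_HEAD(self):
        self.send_response(302)
        self.send_header("Location", "/spaces/enter")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_plain_http():
    """Start the constructed listener on a free localhost port."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), _Redirect)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv
```

A result of `plain-http` on a port reached with an `https://` URL corresponds to the "wrong version number" error above; `closed` on port 443 corresponds to the failed redirect target.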