CA is likely to fail as well / connection refused while connecting to upstream client

My domain is:

I ran this command: docker-compose up

It produced this output:

Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt-nginx-proxy-companion | Creating/renewal certificates… (
2017-10-25 19:18:08,736:INFO:simp_le:1213: Generating new account key
nginx | 2017/10/25 19:18:13 [error] 6#6: *1 connect() failed (111: Connection refused) while connecting to upstream, client:, server:, request: “GET /.well-known/acme-challenge/NIUNMi6Zrkec-udxsKWexU1uL3QDoSWrFdwtoUptCGE HTTP/1.1”, upstream: “”, host: ""
nginx | - - [25/Oct/2017:19:18:13 +0000] “GET /.well-known/acme-challenge/NIUNMi6Zrkec-udxsKWexU1uL3QDoSWrFdwtoUptCGE HTTP/1.1” 502 173 “-” "python-requests/2.18.4"
2017-10-25 19:18:13,868:WARNING:simp_le:1304: was not successfully self-verified. CA is likely to fail as well!

My web server is (include version): Nginx with nginx-gen docker images. (jwilder/docker-gen)

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

When I visit the page it says: NET::ERR_CERT_COMMON_NAME_INVALID

Using Google domains

Any idea what the problem is?

It looks like @JrCs is the author or maintainer of that software (but hasn’t been active on the forum lately).

@JrCs, are you still around and able to help investigate this?

@MkOmNom, otherwise, could you try asking in


I think what’s going on here is that you have some kind of reverse proxy in front of a web server, and you have some kind of Let’s Encrypt client, and this tool is saying that the web server itself is not able to pass the challenges to get a certificate, and therefore the reverse proxy is also not going to be able to pass them. However, that doesn’t give me any ideas of how to proceed because I don’t know what particular software is trying to set up the challenge how, or where it got its configuration from!

Yes I’m using the docker-letsencrypt-nginx-proxy-companion image and a reverse proxy image in front of it. I think the software setting up the challenge is within that image. As for configuration it’s all configured as environment variables in a docker-compose file where “VIRTUAL_HOST=urls” is specified and “VIRTUAL_PORT=ports”.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.