Cannot create ssl certificate with let's encrypt in subdomain

I have created ssl certificate for domain but I wanna to get subdomain's ssl certificate.
But there is this error.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Type: connection
Detail: Fetching Connection refused

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

don't actaully see the problem here: can you try again ?


I tried to create ssl certificate by let's encrypt but this error is logged.

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:

Did you try again just now and the same error occurred? If so there might be some kind of firewall somewhere on your/your ISPʼs side, filtering requests from LE validation point(s).


Thanks. I tried again but this error is occured. :sob:

There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt

And first error doesn't related with nginx configuration?

1 Like

Try adding --dry-run to your certbot command and let us know the result


well, I can't use certbot.
As I am a developer, I don't have super user password. :slight_smile:

But in the first post you shared the message that Certbot generated. What is it exactly that youʼre doing to get the certificate?


I am using Ploi to manage service and I can create ssl certificate on this platform.
And last text is just status logs.

Not familiar with it. Try finding a way to switch it to Staging Environment and try again. Perhaps consult the docs or support channels of this Ploi software.


Yesterday you got two certs for

Have you setup your system for in the same way?


Yes, I got that as a frontend service.
I created new subdomain for backend service and tried to create SSL certification.
I configured same as :pray:

For use let's encryt, should and return 200 status?

For Letʼs Encrypt, requests like these shouldnʼt result in “Connection refused”:

The Failed Validation Limit, that you ran into earlier, lasts for just one hour, so by now it should be lifted — you can try again now. But like I said previously, it would be best to switch your software to use the Staging Environment while kinks are being ironed out.


curl -v

gives me a 301 redirect to https

So you can disabel this redirect for /.well-known/acme-challenge/ or set certbot to use https/ssl/tls as well...

I can see a certificate with a Not Before of Fri, 30 Jun 2023 01:20:53 GMT. Seems like the issue was solved.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.