Can't renew certificate

Hi everyone.

This is the first time that i'm having issues with let's encrypt.

I've used this to tutorial to install moodle and certbot.

That went down great and I was actually able to retrieve the first certificate correctly.

Now I can't.

My domain is:

I ran this command: certbot certonly -v -d

It produced this output: root@SSVMLMS01:~# certbot certonly -v -d
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?

1: Nginx Web Server plugin (nginx)
2: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
server already running. HTTP challenge only (wildcards not supported).
3: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A seperate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)

Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator nginx, Installer nginx
Certificate is due for renewal, auto-renewing...
Renewing an existing certificate for
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Type: connection
Detail: Fetching Error getting validation data

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx/1.24.0

The operating system my web server runs on is (include version): Ubuntu 22.04.3 LTS

My hosting provider, if applicable, is: selfhosted

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.7.4

Any help would be great.


1 Like

Hi @Pancho, and welcome to the LE community forum :slight_smile:

Your website isn't working:

curl -Ii
curl: (56) Recv failure: Connection reset by peer - Is Lms Down Right Now? (


Ports 80 & 443 are being filtered, do you have a firewall?

$ nmap -Pn -p80,443
Starting Nmap 7.80 ( ) at 2023-11-15 03:19 UTC
Nmap scan report for (
Host is up.
rDNS record for

80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.99 seconds

Using the online tool Let's Debug yields these results
See the second ERROR below @3153ms: Experienced error: dial tcp connect: no route to host

ERROR has an A (IPv4) record ( but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "": dial tcp connect: no route to host

@0ms: Making a request to (using initial IP
@0ms: Dialing
@3153ms: Experienced error: dial tcp connect: no route to host
A test authorization for to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued. Fetching Error getting validation data
1 Like

Hi everyone.

You were absolutely right!.

There were missing some NAT rules on the firewall.

Now I can refresh the certificate with no problem.

Thanks again! :slight_smile: