Certbot failed to report authenticate some domains (authenticator:standalone)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help

I ran this command:
sudo certbot certonly --standalone -d MYDOMAINNAMEHERE

It produced this output:
Requesting a certificate for MYDOMAINNAMEHERE

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Type: connection
Detail: 52.x.x.x : Fetching http://MYDOMAINNAMEHERE/.well-known/acme-challenge/vS5u_wy5wNjthh9wrLKu5tOid7pn0SBbGmS_GjfaN0I: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): Ubuntu 22.04.3 LTS

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Additional details of issue:
What ended up happening was I am trying to host my app that is running in a docker container on my instance on a specific subdomain (let's say prefix.test.dev). I have got the app running the docker container and I can access it via the IPv4, and now I am trying to use certbot to ensure https because it ends in a .dev subdomain.

And then I messed up in some configuration, so I decided instead of trying to troubleshoot my way out of this pit, I'll just nuke the EC2 instance (terminated it) and start fresh in like 15 mins. So I did that, but I forgot to deactivate / detach all the certbot stuff that I had previously set up for my domain name, which by the way, was successfully authenticated as HTTPS. So I think that's why it's failing.

MY QUESTION IS, how long before I am able to use certbot again on my new fresh instance for the domain name that I wanted? The old instance with the certification stuff is terminated and gone, so I have no way of reaching it and detaching / deleting the previous certifications...

Hi @fundmatch, and welcome to the LE community forum.

The HTTP challenge requests aren't reaching the --standalone web server.
Make sure HTTP [TCP port 80] is being allowed through all firewalls and such.

There is no line, no waiting.


Why did you choose --standalone when you have a running nginx server?

Normally you would choose --webroot or --nginx methods and let nginx handle the HTTP challenge.
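
To illustrate the "Timeout during connect" diagnosis discussed above, here is an added example (not part of the thread and not Certbot's code): a small Python diagnostic that separates a dropped connection from a missing listener and confirms that a challenge file can be served locally. The helper names `probe_tcp` and `local_challenge_roundtrip` are hypothetical, and the token and body are constructed values.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def probe_tcp(host, port, timeout=5.0):
    """Classify a TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # a listener accepted the connection
    except (socket.timeout, TimeoutError):
        return "timeout"           # packets silently dropped: firewall / security group
    except ConnectionRefusedError:
        return "refused"           # host reachable, but nothing listens on the port
    except OSError:
        return "unreachable"       # DNS failure, no route, etc.


def local_challenge_roundtrip(token, body, port=0):
    """Serve one token the way a standalone authenticator would and fetch it
    over loopback. port=0 picks a free port; the real challenge uses port 80."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            ok = self.path == CHALLENGE_PREFIX + token
            self.send_response(200 if ok else 404)
            self.end_headers()
            if ok:
                self.wfile.write(body.encode())

        def log_message(self, *args):  # keep the console quiet
            pass

    server = HTTPServer(("127.0.0.1", port), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
        conn.request("GET", CHALLENGE_PREFIX + token)
        resp = conn.getresponse()
        return resp.status == 200 and resp.read().decode() == body
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    # Constructed sample values, not a real ACME token or key authorization.
    print("local roundtrip:", local_challenge_roundtrip("constructed-token", "constructed-token.thumb"))
    print("loopback port 80:", probe_tcp("127.0.0.1", 80, timeout=2))
```

Run `probe_tcp` against the domain on port 80 from a machine outside the network: `timeout` together with a successful local roundtrip points at filtering in front of the instance (on EC2, the security group's inbound rules), while `refused` means the host was reached but nothing was listening.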

