Certbot some challenges have failed Timeout during connect (likely firewall problem)

My domain is: www.distinctivelydetroit.com

I ran this command: Requested certificate

It produced this output: Some challenges have failed Timeout during connect (likely firewall problem)

My web server is (include version): GNU/Linux 5.15.0-58-generic x86_64

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 1.21.0

I created a DigitalOcean droplet and used the console to activate HTTPS for this domain, and then I deleted the droplet and tried re-creating it and re-activating HTTPS and cannot. I am getting these errors:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: distinctivelydetroit.com
Type: connection
Detail: ................: Fetching http://distinctivelydetroit.com/.well-known/acme-challenge/J3FOr_9BFfreF2pKgNq0z2s2lyzqOa_VdpXGjzaHKy0: Timeout during connect (likely firewall problem)

Domain: www.distinctivelydetroit.com
Type: connection
Detail: ...............: Fetching http://www.distinctivelydetroit.com/.well-known/acme-challenge/pFn-e9Z4pdu6OLszTKRnJpgvi-d2dUigkORwyswVl1M: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.

Any insight would be greatly appreciated.

I can't access your site: did you open needed ports? (80/443)

3 Likes

Ok, you should be able to access it now.

Having one of those days where you know you should quit but keep pushing and everything is harder than it should be. Ya know?

Well, I think that was the problem that blocked the certificate request. If you retry now you will get a different error at least, a successful certificate at best.

3 Likes

Once you have your cert and go to use it...

curl -Ii https://distinctivelydetroit.com
curl: (7) Failed to connect to distinctivelydetroit.com port 443: Connection refused

You will also need to open up port 443.

4 Likes

Using Let's Debug yields results https://letsdebug.net/www.distinctivelydetroit.com/1394783

No valid A or AAAA records could be ultimately resolved for www.distinctivelydetroit.com. This means that Let's Encrypt would not be able to connect to your domain to perform HTTP validation, since it would not know where to connect to.
No A or AAAA records found. 

There is no IP Address for www.distinctivelydetroit.com

$ nmap -Pn www.distinctivelydetroit.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-03 16:13 UTC
Failed to resolve "www.distinctivelydetroit.com".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.26 seconds

As @rg305 mentioned, distinctivelydetroit.com Port 443 needs to be open because of the redirect.

$ nmap -Pn distinctivelydetroit.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-03 16:12 UTC
Nmap scan report for distinctivelydetroit.com (165.227.89.48)
Host is up (0.082s latency).
Not shown: 997 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 8.89 seconds

1 Like

Thanks, I updated my A records and re-ran certbot, and it worked. Thanks everyone for your help!

2 Likes
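
The three checks that came up in this thread (A/AAAA records for every name on the certificate, port 80 reachable for the HTTP-01 challenge, port 443 open for the HTTPS redirect) combined into one pre-flight script, as an added example that is not part of the original posts. The names `resolve`, `probe`, `preflight` and the sample tables are chosen here; the sample data is constructed from the nmap output quoted above.

```python
import socket

def resolve(host):
    """Return the A/AAAA addresses for host, or [] when none resolve."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe(addr, port, timeout=5.0):
    """TCP connect classified as nmap reports it: open, closed or filtered."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"      # RST came back: host reachable, nothing listening
    except OSError:
        return "filtered"    # timeout or unreachable: typically a firewall drop

def preflight(domains, resolver=resolve, prober=probe):
    """Map each domain to the problems that break HTTP-01 or HTTPS afterwards."""
    report = {}
    for name in domains:
        addrs = resolver(name)
        problems = [] if addrs else ["no A/AAAA record"]
        for addr in addrs:
            for port in (80, 443):
                state = prober(addr, port)
                if state != "open":
                    problems.append(f"{addr} port {port} {state}")
        report[name] = problems
    return report

# Constructed stand-ins for DNS and the network, mirroring the state shown in
# the thread's nmap output, so the example runs offline.
SAMPLE_DNS = {"distinctivelydetroit.com": ["165.227.89.48"]}
SAMPLE_PORTS = {("165.227.89.48", 80): "open", ("165.227.89.48", 443): "closed"}

def sample_report():
    return preflight(
        ["distinctivelydetroit.com", "www.distinctivelydetroit.com"],
        resolver=lambda host: SAMPLE_DNS.get(host, []),
        prober=lambda addr, port: SAMPLE_PORTS.get((addr, port), "filtered"),
    )

if __name__ == "__main__":
    for name, problems in sample_report().items():
        print(name, "->", problems or "ready for certbot")
```

For a live check, call `preflight([...])` with the default resolver and prober from a machine outside the server's network, since a probe run on the droplet itself does not pass through the cloud firewall.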
