Certbot - Unable to Complete TLS-SNI Challenge - Port 443 Blocked

I am trying to set up an SSL certificate for my domain that I have hosted on GoDaddy. I have hosted vinushkah.me as my primary domain and have set up a subdomain, cloud.vinushkah.me, which is what I am trying to create an SSL cert for. In order to point this domain at my home server, I have created a CNAME record on GoDaddy which points to my NoIP dynamic DNS hostname vinushkah.ddns.net, and have not created an accompanying A record because my public IP address changes, hence utilising a dynamic DNS hostname.

When I input cloud.vinushkah.me whilst configuring LetsEncrypt, I get the following error:

The server could not connect to the client to verify the domain :: Failed to connect to xxx.xxx.xxx.xxx:443 for tls-sni-01 challenge

Domain: cloud.vinushkah.me
Type: connection
Detail: Failed to connect to xxx.xxx.xxx.xxx:443 for tls-sni-01 challenge

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

I am able to telnet to this hostname on port 443 successfully. Given that my NoIP hostname has an A record, and pinging cloud.vinushkah.me resolves to this IP address correctly, I cannot understand why this does not work.

Hi @vinushkah,

I'm not. Is it possible that you're doing so from your own network, but that a firewall blocks other people from doing so from elsewhere on the Internet?

I don’t believe this should be the Firewall. If it is, my router firewall is fine. I’m hosting the server on Ubuntu 16.04 so unless there’s a default config in Ubuntu’s Firewall config causing this, I can’t say whether that’s likely the cause.

Well, I’ve tried twice to telnet to port 443 of your server and got no response either time, so something is blocking the connections. By contrast, I can reach port 80 of the server without any problems.

Hi @schoen,

Seems that HTTPS is now available.

@vinushkah

Have you been able to get a certificate issued?

If not, you do need to specify the command you are using.

Andrei
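
An added example, not part of any post in this thread: a small probe that separates the cases discussed above, a port that gives no response at all (dropped by a router or firewall) versus one that is actively refused (nothing listening). The function names are hypothetical, the hostname is passed on the command line, and the result only reflects what the validation server sees when the script is run from outside the server's own network.

```python
import socket
import sys

def probe(host, port, timeout=5.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed, something is listening
    except socket.gaierror:
        return "unresolved"        # name did not resolve to an address
    except socket.timeout:
        return "filtered"          # no reply at all: packets are being dropped
    except ConnectionRefusedError:
        return "refused"           # host answered with RST: nothing listening
    except OSError:
        return "unreachable"       # no route, network down, etc.

def explain(results):
    """Turn a {port: state} map for ports 80 and 443 into a next step."""
    http, https = results.get(80), results.get(443)
    if https == "open":
        return "443 accepts connections from this vantage point"
    if https == "refused":
        return "443 reaches a host but nothing listens there; check the web server's TLS listener"
    if https == "filtered" and http == "open":
        return "80 passes but 443 is dropped; check the router port forward and host firewall for 443"
    if https == "filtered":
        return "no reply on 443; check the router, the host firewall and ISP filtering"
    return "443 could not be tested (%s); fix DNS or routing first" % https

def diagnose(host, ports=(80, 443), timeout=5.0):
    """Probe each port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # Hostname comes from the command line; run this from OUTSIDE the server's network.
    results = diagnose(sys.argv[1])
    for port, state in sorted(results.items()):
        print(port, state)
    print(explain(results))
```

A "filtered" result on 443 alongside "open" on 80 matches what the reply above reports seeing from the Internet.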
