Certbot using the wrong address to verify

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: donclifton.com

I ran this command: sudo certbot certonly --standalone

It produced this output:[from log file]
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: donclifton.com
Type: connection
Detail: Fetching https://donclifton.com:4315/.well-known/acme-challenge/_e2TyPDNTrE7oY55V8uV1j-qEqFAifiXMdNh0JVj_Is: Invalid port in redirect target. Only ports 80 and 443 are supported, not 4315

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): macos Ventura 13.2.1

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 2.3.0

How do you mean, "using the wrong address to verify"? First of all, Certbot is an ACME client and the Let's Encrypt validation servers do all the validating, including following any HTTP to HTTPS redirects. You can see https:// in front of the URL in the error message, so somewhere earlier, the LE validation servers got an HTTP response which redirected to the URL in the error message.

Note that the standalone plugin does NOT redirect. It either responds with the challenge or a 404 file not found, no redirects.

Currently, it seems your HTTP site is down entirely, so it's hard to debug.


Hi @dkclifton, and welcome to the LE community forum :slight_smile:

Is that the correct IP?
If so, what is redirecting HTTP to HTTPS on port 4315?
If not, well.. correcting that would be "Step #1".


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.