Certificate Renewal acme challenge connection refused


I am trying to renew the certificates on a Cent OS 7 with NGINX system using certbot 0.14.1.

The nginx configuration file has the right directives to serve the challenge files:

location /.well-known/acme-challenge {
allow all;
root /var/www/;

any static files I manually create in ./well-known/acme-challenge are correctly served in the browser. Using curl -Ikl4 on that file will return HTTP/1.1 200 OK. Trying however -Ikl6 will trigger a "Could not resolve host message.

There only CNAME entries in my Zone Editor - no A nor AAAA names.

The challenges entry in the log is the following:

“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:connection”,
“detail”: “Fetching /.well-known/acme-challenge/ciMTLpZFSePCK0fY7utY3a8bBb8r7uQnQyEWjfWd6C8: Connection refused”,
“status”: 400
“uri”: “https://acme-staging.api.letsencrypt.org/acme/challenge/hbdEONE1A02Hy7gkAy34MscKd9fmsJRThp1RR-5dTX8/74616354”,
“token”: “ciMTLpZFSePCK0fY7utY3a8bBb8r7uQnQyEWjfWd6C8”,
“keyAuthorization”: “ciMTLpZFSePCK0fY7utY3a8bBb8r7uQnQyEWjfWd6C8.dL7zY1jvk3djd-OsCwBdLqtHaJ5s64ZndgTblTPn-DE”,
“validationRecord”: [
“url”: “/.well-known/acme-challenge/ciMTLpZFSePCK0fY7utY3a8bBb8r7uQnQyEWjfWd6C8”,
“hostname”: “”,
“port”: “80”,
“addressesResolved”: [
“addressUsed”: “123.345.567.789”,
“addressesTried”: []

Does the “addressesTried” being empty having a impact on the connection refused message?

I would truly appreciate any help and hint on how I could proceed solving the problem. Thanks!

Please mention the affected domain name.

A quick update on how I worked around the above issue:

  • updated certbot to the latest version 0.19.0
  • running certbot --renew still failed to update the certificates due to the “Connection refused” on the acme challenge
  • running certbot in manual mode certbot certonly --manual -d <domain> and placing the challenge files manually in the ./well-known/acme-challenge folder worked fine. The files could be accessed and a new certificate has been issued. No further changes have been performed to the system nor to the nginx configuration

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.