Certificate renewal fails for MacOS FM Server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:logbook.austinrowing.org

I ran this command:sudo sh GetSSL1.sh

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for logbook.austinrowing.org

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: logbook.austinrowing.org
Type: connection
Detail: Fetching http://logbook.austinrowing.org/.well-known/acme-challenge/ZLgTtELwCuQy2Iwh2uyRzL0xckvN54SulUXTbMaAF08: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
mv: /Library/FileMaker Server/CStore/serverKey.pem: No such file or directory
fmsadmin: really delete certificate? (y, n) (Warning: server needs to be restarted)

My web server is (include version): FileMaker Server

The operating system my web server runs on is (include version): MacOS 12.3.1

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.16.0

You are using an HTTP challenge but your port 80 is not open. The Let's Debug site shows this and I could not reach your site with http:// either.

See this doc for Let's Encrypt recommendation about port 80


Thanks. Now I'll go figure out how to open port 80.


It turned out that the network environment had changed radically since the previous renewal, unbeknownst to me. Now I've persuaded the sysadmin to forward port 80 to the server machine, and the renewal worked.

Thanks again,



You get an "A+ for Social Engineering"


Or just :money_with_wings: :money_with_wings: :money_with_wings:



Are you sure that is an A+ not just an A; I would think for "A+ in Social Engineering"one would have to also obtain the root password too.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.