Certificate renewal

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:stjuderedcap.schoolofstjude.org

I ran this command:certbot renew

It produced this output:Timeout during connect (likely firewall problem)

My web server is (include version): wamp server 3.2.6-64bit

The operating system my web server runs on is (include version): Windows Server 2019 datacenter

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.2.0

Someone has blocked port 80 which is preventing the HTTP Challenge to complete.

Your port 443 (HTTPS) is fine. It is just port 80 that is blocked


Hi @tarimon, and welcome to the LE community forum :slight_smile:

HTTP authentication requires TCP port 80 to be opened and it should be allowed to reach the ACME client [certbot].

Something must have changed since the cert was issued on March 29th.


Seems port 80 remains unavailable to the World Wide Web.

80/tcp  filtered http
443/tcp open     https



Agree. But, they got a fresh cert 2 days ago so they may have opened it to renew and then closed again.

Hopefully they have automated that or at least keep very good notes :slight_smile:


Hello Mike,

Thank you for your support and Yes, although I have subscribed for reminders before expirations, I will like to eliminate the manual process and automate this.

Our architecture is a Windows server running a Wamp server with Apache.

I initially used Certbot with: certbot -d stjuderedcap.schoolofstjude.org --manual --preferred-challenges dns certonly

The above worked.

Now I am trying to automate it with a manual authentication hook

Why that one? I think using --webroot method would be easier. If you need something to open and close port 80 automatically you could use the --pre-hook and --post-hook.

You have Route53 as your DNS provider so could use a DNS Challenge instead. That avoids opening port 80 but is often more difficult to automate. And, I don't remember if Certbot supports the Route53 plug-in on Windows. I don't think it does but not certain.
For that you may have to look at other ACME Clients designed for Windows. Certify the Web is a good option


I'd think so too...
But that implies not using --standalone which implies something else would be listening on port 80.

Sadly, I still don't see anything listening on port 80 now:

curl -Ii http://stjuderedcap.schoolofstjude.org/
curl: (56) Recv failure: Connection reset by peer

So, my questions are:

  • Will port 80 be opened?
  • If so, what will be listening?

Yeah, my bad. I thought their original request was HTTP Challenge from error on first post but I now see it was a manual DNS Challenge (from post #6).

So, automating that may need a different ACME Client because I am pretty sure the Route53 plug-in is not supported by Certbot on Windows.

Certify the Web includes Route53 support (link here)

This seems easier than writing your own manual Auth hook. Or open port 80 for Certbot --webroot

@rg305 Do you know for sure about the DNS plug-ins on Windows? I'm only like 80% sure Certbot does not support them there.


I was leaning towards not having to use the DNS plugin.
And, since certbot for Windows and Apache don't play well together...
I was leaning towards --webroot as well.

But we can only take the horse to water - we can't make him drink it.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.