Challenge failed on the Certbot renew certificate

Hello, I need help on the certbot error it said that

http-01 challenge for
Cleaning up challenges
Some challenges have failed.


  • The following errors were reported by the server:

    Type: connection
    Detail: Fetching
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Since i got the error I'm always searching and reading how to solve this problem and all of them couldn't show me the way how to fix this so i need any one who can give me the answer thank you in advance.

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

Considering that both port 80 (http) and port 443 (https) appear be closed, there's no way that an http-01 challenge could succeed. Have you tried connecting to your own webserver?


Thank you so much I will try that first for now as I can see checking the port 80 and 443 both are still open I need more information if those are open how can I solve this problem?

1 Like

You need to open port 80 first.

You can check here:


Yep i did try to open my website here

Firstly, would you be so kind to use proper punctuation? That would make your posts more easily readable. Thank you for that!

Further more, you should check remotely if your site works or not, such as with aid of sites like

It could be that locally your site works, because the issue is between your server and the world wide web and not between your local computer and server (if you host your server in the same network.

You should look at firewalls and/or NAT portmaps in your router for example.


Here is what I got my firewall is already up running.

Oh!, Thank you so much i have already check it and it's like you said i will solve that and try again.


I'm still unable to solve the down site yet i have already check everything ,but not found the reason why the site down my router also open the WAN public IP already and also port forwarding.Do you have any idea what cause this problem ?

It looks like you managed to get your site up and running again. Now you can try again getting a certificate.


Osiris looks like my ISP is blocking port 80 and 443 I have to ask them to open and waiting until Monday.

No you don't, your site is currently up:


What ? that is funny lol.

Cool! Right now it's already https. Thank you so much Osiris and Griffin you both help me a lot.


I need to ask some thing more about securing the email for the mail server from postfix. I need to know more about how to make the mail server secure using the let's enscrypt?

Please read here for more info regarding Postfix and TLS:

The certificate should include the hostname which is used as the value for the MX record of the domain in question, as the MTU will use that hostname to connect to your Postfix server.


Thank you so much, Osiris.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.