Creating SSL certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command: certbot certonly --webroot

It produced this output:
Saving debug log to C:\Certbot\log\letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel):
Requesting a certificate for
Input the webroot for (Enter 'c' to cancel): C:\wamp64\www\olac

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain:
Type: connection
Detail: Fetching Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Drupal 10.1.6 Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.10

The operating system my web server runs on is (include version): Windows Server 2022

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.7.4

The --webroot uses an HTTP Challenge so needs port 80 open. Yours is closed. You have port 443 open so you might consider using Apache mod_md and the TLS_ALPN challenge.

If that works you would not even need Certbot and just rely on the required Apache config settings for mod_md

Apache has its own docs but I like the ones here better. It is where mod_md got started


Hi and thank you so much for the quick response.
I opened port 80 and retried again but I still got the same error.
I am not familiar with the other solution you suggested. Please could you point me in the direction where I can get information about it?
Thank you very much.


@MikeMcQ already provided a link to where you can learn more about mod_md at the end of the message to which you replied.


Oh, thank you very much.


I see a different error. You were getting a Timeout but now a "Reset By Peer" error. It looks like you have a Palo Alto Networks brand firewall blocking ACME Challenge requests. You should show the below requests to your network team and have them allow the "acme-protocol" in the Applications section in that firewall. We have seen this problem often.

Notice the request with a default curl request works. But, a user-agent for Let's Encrypt fails with "reset by peer"

curl -I
HTTP/1.1 404 Not Found
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.10 mod_fcgid/2.3.10-dev

curl -I -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +"
curl: (56) Recv failure: Connection reset by peer

Yes, we have Palo Alto Network firewall. I will take this up with the Network team.
Thank you very much


See also:

Also note that Certbot is phasing out support for Windows. As already said I also, with the phasing out of Windows support of Certbot, encourage you to look into other clients like mod_md. Or if mod_md is not something you like, other Windows based ACME clients.


Yes, I am reading about the mod-md now and I might be implementing it.
Thank you so much


Hi all,
I got the keys and certificates for the stg-olac site after acme-protocol was allowed through the firewall.
However, the stg-olac is just the staging site but when I tried to do the same on the PROD, I got a different error.
The error says UNAUTHORIZED:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Type: unauthorized
Detail: Invalid response from 404

Type: unauthorized
Detail: Invalid response from 403

The first site returned 404 via HTTP:

I get 301:

curl -Ii
HTTP/1.1 301 Moved Permanently     <<<<<<<<<<<<<<<<<<<<<<<<<
Date: Wed, 22 Nov 2023 03:00:35 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.10 mod_fcgid/2.3.10-dev
X-Powered-By: PHP/8.2.10
X-Drupal-Dynamic-Cache: UNCACHEABLE
Content-language: en
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Generator: Drupal 10 (
X-Drupal-Cache: MISS
Content-Type: text/html; charset=UTF-8

The www site does require authentication:

curl -Ii
HTTP/1.1 403 Forbidden     <<<<<<<<<<<<<<<<<<<<<<<<<
Date: Wed, 22 Nov 2023 03:02:21 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.10 mod_fcgid/2.3.10-dev
Content-Type: text/html; charset=iso-8859-1
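
The checks made by hand in this thread (a plain request versus one carrying the validation user-agent, then the 404/403/301 responses) can be scripted as below. This is an added example, not code from the thread or from Certbot; the host, the user-agent strings and the test path are caller-supplied assumptions, and it presumes a test file was placed at that path under the webroot.

```python
import http.client
import socket

# Assumption: a test file was placed at this path under the webroot (constructed name).
ACME_PATH = "/.well-known/acme-challenge/probe-test"

def probe(host, path, user_agent, port=80, timeout=5):
    """HEAD `path` with the given User-Agent; return the status code or an error label."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", path, headers={"User-Agent": user_agent})
        return conn.getresponse().status
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except (ConnectionResetError, http.client.RemoteDisconnected):
        return "reset"
    except OSError:
        return "error"
    finally:
        conn.close()

def diagnose(plain, validator):
    """Classify a pair of probe results (plain client, validation user-agent)."""
    if plain in ("timeout", "refused"):
        return "port-80-unreachable"      # closed port or packet filter
    if validator == "reset" and isinstance(plain, int):
        return "agent-filtered"           # middlebox drops only the validator's requests
    if validator == 404:
        return "webroot-mismatch"         # server reached, test file not served
    if validator in (401, 403):
        return "access-denied"            # challenge path sits behind auth or a deny rule
    if validator in (301, 302, 307, 308):
        return "redirected"               # confirm the target serves the same path
    if validator == 200:
        return "ok"
    return "unclassified"

if __name__ == "__main__":
    # Constructed results mirroring the thread: plain request answered, validator reset.
    print(diagnose(404, "reset"))
```

Run `probe` twice from a machine outside the network, once with an ordinary user-agent and once with the validation server's, and pass both results to `diagnose`.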

Thank you for looking into this.
As someone suggested on the forum, Palo Alto network firewall is in use and was blocking ACME protocol.
Then I tried the standalone command and I was able to generate the certificate successfully.
Again, I am very grateful for your help and help from all the good people in the forum.