Creating SSL certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command: certbot certonly --webroot

It produced this output: Saving debug log to C:\Certbot\log\letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel):
Requesting a certificate for
Input the webroot for (Enter 'c' to cancel): C:\wamp64\www\olac

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain:
Type: connection
Detail: Fetching Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Drupal 10.1.6 Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.10

The operating system my web server runs on is (include version): Windows Server 2022

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.7.4

The --webroot uses an HTTP Challenge so needs port 80 open. Yours is closed. You have port 443 open so you might consider using Apache mod_md and the TLS_ALPN challenge.

If that works you would not even need Certbot and just rely on the required Apache config settings for mod_md

Apache has its own docs but I like the ones here better. It is where mod_md got started


Hi and thank you so much for the quick response.
I opened port 80 and retried again but I still got the same error.
I am not familiar with the other solution you suggested. Please could you point me in the direction where I can get information about it?
Thank you very much


@MikeMcQ already provided a link to where you can learn more about mod_md at the end of the message to which you replied.


Oh, thank you very much.


I see a different error. You were getting a Timeout but now a "Reset By Peer" error. It looks like you have a Palo Alto Networks brand firewall blocking ACME Challenge requests. You should show the below requests to your network team and have them allow the "acme-protocol" in the Applications section in that firewall. We have seen this problem often.

Notice the request with a default curl request works. But a user-agent for Let's Encrypt fails with "reset by peer".

curl -I
HTTP/1.1 404 Not Found
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.10 mod_fcgid/2.3.10-dev

curl -I -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +"
curl: (56) Recv failure: Connection reset by peer
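
The two-request comparison from the post above, wrapped in a script (an added example, not part of the original thread). The function names, the `connectivity-test` path and the verdict strings are made up for illustration; the full User-Agent is the one Let's Encrypt's validation servers send, which the post shows truncated.

```shell
#!/bin/sh
# Compare a default curl request with one sent under the Let's Encrypt
# validation User-Agent, to tell "port 80 unreachable" apart from
# "a middlebox resets ACME validation traffic".

LE_UA="Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

# probe URL [USER_AGENT] -> prints "<curl exit code> <HTTP status>"
probe() {
    url=$1; ua=$2
    set -- -sI -o /dev/null -m 10 -w '%{http_code}'
    [ -n "$ua" ] && set -- "$@" -A "$ua"
    code=$(curl "$@" "$url") && rc=0 || rc=$?
    echo "$rc $code"
}

# classify DEFAULT_RC DEFAULT_HTTP LE_RC LE_HTTP -> prints a verdict
classify() {
    d_rc=$1; d_code=$2; le_rc=$3; le_code=$4
    if [ "$d_rc" -eq 7 ] || [ "$d_rc" -eq 28 ]; then
        # curl 7 = connect failed, 28 = timed out: port 80 closed or filtered
        echo "unreachable"
    elif [ "$d_rc" -eq 0 ] && [ "$le_rc" -ne 0 ]; then
        # Default request answered, LE user-agent dropped (e.g. curl 56,
        # "reset by peer"): something in the path filters on the request
        echo "ua-filtered"
    elif [ "$d_rc" -eq 0 ] && [ "$le_rc" -eq 0 ] && [ "$d_code" = "$le_code" ]; then
        case $d_code in
            2??) echo "ok" ;;
            # 404 is normal for a made-up token; 403 means access rules
            # also cover the challenge path
            *)   echo "reachable-http-$d_code" ;;
        esac
    else
        echo "inconclusive"
    fi
}

# Usage: sh acme-probe.sh your.domain.example
if [ "$#" -ge 1 ]; then
    url="http://$1/.well-known/acme-challenge/connectivity-test"
    set -- $(probe "$url" "") $(probe "$url" "$LE_UA")
    echo "default: curl exit $1, HTTP $2 | LE user-agent: curl exit $3, HTTP $4"
    classify "$@"
fi
```

Run it from a machine outside your own network, since a request from inside may never cross the firewall.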

Yes, we have Palo Alto Network firewall. I will take this up with the Network team.
Thank you very much


See also:

Also note that Certbot is phasing out support for Windows. As already said I also, with the phasing out of Windows support of Certbot, encourage you to look into other clients like mod_md. Or if mod_md is not something you like, other Windows based ACME clients.


Yes, I am reading about the mod-md now and I might be implementing it.
Thank you so much


Hi all,
I got the keys and certificates for the stg-olac site after acme-protocol was allowed through the firewall.
However, the stg-olac is just the staging site but when I tried to do the same on the PROD, I got a different error.
The error says UNAUTHORIZED:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Type: unauthorized
Detail: Invalid response from 404

Type: unauthorized
Detail: Invalid response from 403

The first site returned 404 via HTTP:

I get 301:

curl -Ii
HTTP/1.1 301 Moved Permanently     <<<<<<<<<<<<<<<<<<<<<<<<<
Date: Wed, 22 Nov 2023 03:00:35 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.10 mod_fcgid/2.3.10-dev
X-Powered-By: PHP/8.2.10
X-Drupal-Dynamic-Cache: UNCACHEABLE
Content-language: en
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Generator: Drupal 10 (
X-Drupal-Cache: MISS
Content-Type: text/html; charset=UTF-8

The www site does require authentication:

curl -Ii
HTTP/1.1 403 Forbidden     <<<<<<<<<<<<<<<<<<<<<<<<<
Date: Wed, 22 Nov 2023 03:02:21 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.10 mod_fcgid/2.3.10-dev
Content-Type: text/html; charset=iso-8859-1

Thank you for looking into this.
As someone suggested on the forum, Palo Alto network firewall is in use and was blocking ACME protocol.
Then I tried the stand alone command and I was able to generate the certificate successfully.
Again, I am very grateful for your help and help from all the good people in the forum

