Debian 11 - nginx - Let's Encrypt setup not working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot --nginx -d -d

It produced this output:

Challenge failed for domain
Challenge failed for domain
http-01 challenge for
http-01 challenge for
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain:
   Type: connection
   Detail: Fetching Timeout during connect (likely firewall problem)

   Domain:
   Type: connection
   Detail: Fetching Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): Debian 11 Raspberry Pi 4 Model B 4 GB

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.12.0

When I check on Let's Debug, it has output:

ERROR has an A (IPv4) record ( but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.

A timeout was experienced while communicating with Get "": context deadline exceeded

@0ms: Making a request to (using initial IP
@0ms: Dialing
@10001ms: Experienced error: context deadline exceeded



A test authorization for to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued. Fetching Timeout during connect (likely firewall problem)

Please help, thank you so much

It looks like a firewall problem indeed. Tell us about your firewalls.

I use ufw, I have opened ports 80 and 443, Full NGINX, NAT from to my domain

Something is blocking port 80. Port 443 looks clearer but nothing is listening. Do you recognize port 2022 from your config?

Check your port forwarding and any router firewall (I guess):

80/tcp   filtered http
443/tcp  closed   https
2022/tcp open     down

Yes, 2022 is my SSH port

Good. I see port 80 open now too. You should be able to make progress.
Oops. Still getting a timeout. Check your port forwarding and nginx listen.


Could you please explain how to check port forwarding and Nginx listen? I have set NAT on ports 80/443 already.

Are you connected to a router? If so it's in there.

You should have a working HTTP site before trying to get a cert. I cannot reach your site with this from my own test server, which has nothing to do with Let's Encrypt:

curl -i -m10
curl: (28) Connection timed out after 10001 milliseconds

Oddly, I did get a response once and saw a "Welcome to" page. But subsequent attempts time out as shown.
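
An added example, not part of any post in this thread: one way to answer "how to check Nginx listen" is to compare the externally observed port state (filtered / closed / open, as in the scan above) with what `ss -ltn` reports on the server itself. The `ss` sample and the verdict names are constructed for illustration.

```shell
#!/bin/sh
# Added example: combine an external port state with the local listener
# table to decide where to look next.

# Constructed sample of `ss -ltn` output from the web server (not from the thread).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:2022      0.0.0.0:*
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      511             [::]:80           [::]:*
LISTEN 0      128        127.0.0.1:8443      0.0.0.0:*'

# listen_scope PORT  (ss -ltn output on stdin) -> public | loopback | none
listen_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")           # port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") loop = 1; else pub = 1
        }
        END { print (pub ? "public" : (loop ? "loopback" : "none")) }'
}

# diagnose EXTERNAL_STATE LOCAL_SCOPE -> short verdict
diagnose() {
    case "$1:$2" in
        open:public)     echo "ok" ;;
        filtered:public) echo "dropped-in-path" ;;   # ufw, router forward, upstream firewall
        closed:public)   echo "rejected-in-path" ;;  # REJECT rule or forward to wrong host/port
        *:loopback)      echo "bind-public-address" ;;
        *:none)          echo "no-listener" ;;
        *)               echo "unknown" ;;
    esac
}

# check_port PORT EXTERNAL_STATE  (ss -ltn output on stdin)
check_port() {
    diagnose "$2" "$(listen_scope "$1")"
}

# Demo on the constructed sample with the states reported in the thread.
for pair in 80:filtered 443:closed 2022:open; do
    port=${pair%%:*}; state=${pair#*:}
    printf '%s/tcp %s -> %s\n' "$port" "$state" \
        "$(printf '%s\n' "$SAMPLE" | check_port "$port" "$state")"
done
```

On a live server, pipe the real table in instead of the sample, for example `ss -ltn | check_port 80 filtered`.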


To have port forwarding work consistently, you should also make your router assign the Raspberry Pi the same local IPv4 address every time, so you can configure the forwarding. You can do that via static assignment or DHCP reservation.


I've set NAT already, but it's not working?!? Checked is ok

Yeah, your apex works but www doesn't... show us the nginx config you're using.

I was just able to connect to your www subdomain.

Do you have stuff like fail2ban, or maybe just an overburdened CPU?

I have just reinstalled my RPi following this tutorial: How To Secure Nginx with Let's Encrypt on Debian 10 | DigitalOcean
Nothing else.

That tutorial looks mostly fine, and that's something -- we've seen some horrible ones. But you should install certbot following the instructions on instead.


I followed this to step 7: but it's not working

Make sure that the internal IP of your Raspberry is still

Yes, it is. I've set a static IP for my RPi already.

I can see your website. You can probably try again.

At this point if it doesn't work it's probably some firewall you cannot control.


It worked when I moved my RPi to another router.
Thank you for your help.