Duckdns and Letsencrpyt failed challenge - likely a firewall problem

My domain is:

I ran this command: sudo certbot -v --apache -d

It produced this output:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Type: connection
Detail: Fetching Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

Server version: Apache/2.4.57 (Ubuntu)
Server built: 2023-04-08T12:56:02

The operating system my web server runs on is (include version):

Ubuntu 22.04.2 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):


I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

No, I have sudo access

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


I've setup my firewall as :

80,443/tcp ALLOW Anywhere
443,8080/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
80,443/tcp (v6) ALLOW Anywhere (v6)
443,8080/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)

Is there anything I'm missing?

Thank you in advance for any help you can provide.


1 Like

Are you hosting at home?

Did you forward ports 80 and 443 from your router to your webserver?


Looks like they might have got that wrong. Port 80 is not answering (blocked maybe) and port 443 is responding to plain HTTP requests.

@sgilliar37 Port 443 should only handle HTTPS not plain HTTP which is done on port 80. Did you route port 443 to port 80 on your Apache machine? Or, did you setup a VirtualHost for port 443 but only handle HTTP there?

curl -i -m7
curl: (28) Connection timed out after 7001 milliseconds

curl -i -m7
curl: (35) error:0A00010B:SSL routines::wrong version number

This should not work but does.  
curl -i -m7
HTTP/1.1 200 OK
Date: Mon, 14 Aug 2023 20:02:27 GMT
Server: Apache/2.4.57 (Ubuntu)

Yes, I am hosting at home and have forwarded ports 80 and 443 on the router. I've also forwarded 8080 as well for nextcloud. This is the error in the letsencrypt.log file:

certbot.errors.CertStorageError: No certificate found with name (expected /etc/letsencrypt/renewal/
2023-08-14 16:04:19,283:ERROR:certbot._internal.log:No certificate found with name (expected /etc/letsencrypt/renewal/gilliards.duckdns

This looks messy.

Please tell us what you've done :smiley:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.