Error generating certificate


I haven't had any issues generating certificates since I first started using Let's Encrypt last August or September. Trying to renew now I am getting the message below.

I haven't changed ANYTHING in my setup. I know the port forwarding is working because I tested with PLEX and it connects just fine from outside the network.

I am running on a MacMini using macOS Monterey. I'm using ONLY as a mail server.

I have ports 80 and ports 443 being forwarded to the MacMini.

All help is greatly appreciated!!

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for and

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Type: connection
Detail: Fetching Timeout during connect (likely firewall problem)

Type: connection
Detail: Fetching Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Are you sure your port forwarding actually works, the IP address is the right one (both public and private you're forwarding to)?


I’m not understanding your question…

The public IP is what is showing in the error in my post. I then forward the different requests to an internal machine that has a address.

I have tested using PLEX that is running on a MacStudio and it works fine so I know the forwarding rules in the router are working.

Hi, get your website working over http first, then try your certificate order again.

Plex may be working but http over port 80 is not.

Sometime ISPs removes support for port 80 (and possibly even port 443), in which case you'd probably need to switch to DNS validation instead of http validation. You need to confirm port 443 is still working as well otherwise you'd need to run all your services on higher ports.


The Let's Debug test site is helpful to test changes to get port 80 (http) working

It uses its own connection tests from the public internet and also uses the Let's Encrypt Staging system to test connections. Both of these currently fail

Many other ports have connectivity (25,110,143,993,995). So, something unique to port 80 is causing the problem for the HTTP Challenge


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.