Error getting SSL certificates with Nginx, raspbian


Ive been stuck on this problem for over a week now and im really curious what the problem is here. If i have to post anymore info let me know. Thanks for atleast reading.

My domain is:

I ran this command: sudo /etc/letsencrypt/certbot-auto certonly --agree-tos --webroot -w /data/ -d -d -d -d

It produced this output:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Using the webroot path /data/ for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching 89iXEHVtW5kgE: Error getting validation data, (http-01): urn:acm e:error:connection :: The server could not connect to the client to verify the d omain :: Fetching AniVgqxaHfDBeb2CiXTypsKN30k9GlE: Error getting validation data


  • If you lose your account credentials, you can recover through
    e-mails sent to

  • The following errors were reported by the server:

    Type: connection
    Detail: Fetching 7gi89iXEHVtW5kgE:
    Error getting validation data

    Type: connection
    Detail: Fetching CiXTypsKN30k9GlE:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Raspbian (Debian)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes


Your web server does not give an HTTP response to basically any query except index:

$ curl -vvv -i
*   Trying
* Connected to ( port 80 (#0)
> GET /any-url HTTP/1.1
> Host:
> User-Agent: curl/7.55.1
> Accept: */*
* Empty reply from server
* Connection #0 to host left intact
curl: (52) Empty reply from server

It looks like is using Namecheap URL forwarding, and is using Namecheap domain parking.

You should have A/AAAA records pointing at your web server to use HTTP-01 validation.

At the very least, you would need to remove that CNAME record, as it is preventing your A record from working.

You may also want to change the @ record to also be an A record to your IP address, but it might not be totally necessary for Certbot to work.

The new www. record looks okay, though your web server doesn’t seem to be actually accessible at the moment. Is the right IP?

You currently have no A record for the base domain (, so you will need to add one, in a similar way to www..

Your A record is not working for, it is only working for Can you take another screenshot of the DNS manager?

Looks like the A record for is working now :slight_smile: .

The next steps would be:

  • Make sure your web server is accessible from the internet. At the moment, does not load (no route to host). This will be either due to firewall rules, or because your web server is not running.
  • Once you have confirmed the web server is running, try run the certbot certonly command again.

I don’t know, sorry.

‘No route to host’ usually indicates a firewall issue. Maybe your residential ISP (Belgacom) blocks port 80, maybe your router is not forwarding traffic from port 80 to your web server.

Let’s Encrypt won’t be able to give you a certificate using http-01 unless you can solve it.

$ curl -i -vvv
* Rebuilt URL to:
*   Trying
* connect to port 80 failed: No route to host
* Failed to connect to port 80: No route to host
* Closing connection 0
curl: (7) Failed to connect to port 80: No route to host

You can alternatively use dns-01 validation to get your certificate, by using --preferred-challenges dns-01 instead of --webroot -w /data/ in your command.

This would allow you to work around the problem of your web server not being accessible from the internet.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.