Failed authorization procedure

The error that I am getting when I try to run certbot is:

Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer as a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you’re using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

  • Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.

I cannot list specific domain and other information but I am sure that this is a simple problem, it is just that I don’t have enough experience with setting up the network, to solve it. There is a firewall and a routable and static address to it from the Internet but the address of the machine that is behind the firewall is not routable (starts with 192). This was not, obviously set up by me, I just need to add certificates. The web server is accessed only from the Intranet of the company, so nobody from outside of has access to it. The access only needs to be granted to letsencrypt, in order to issue and maintain certificates.

So, I know that the problem is that there is no direct address to the web server which is behind the wall, but I have searched and searched and cannot figure out how to do that.

Can someone help?

1 Like

This also means that Let's Encrypt can't independently verify your control of the domain, which is a condition of issuing you a certificate.

You can take a look at using the DNS challenge instead (-a manual --preferred-challenges dns) if that is more suitable for your environment.

However, to automate renewal, we'd need to know who provides your domain's DNS hosting.


You should look in the manual for your router for something called “port forwarding.” You’ll want to forward ports 80 and 443 from the Internet to your web server. Note that this will make your web server fully accessible to the Internet, so it’s very important that your web server has up-to-date software and appropriate access control.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.