Firewall prevents getting a certificate

I am new to Let's Encrypt.

I am currently setting up a product (VPN gateway) that requires a TLS certificate to encrypt the communication between my clients and the VPN gateway. How can I use Let's encrypt to get that certificate and keys created. (*.pem or *.cer files)?.

I am not setting up any webserver such Apache or IIS or any built applications.

My VPN gateway is running on a EC2 AWS Instances and while I perform the installation I need to feed the keys.

My domain is: (registered and available)

I ran this command: certbot certonly -d (no sure if this is correct)

It produced this output:

How would you like to authenticate with the ACME CA?

1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


  • The following errors were reported by the server:

    Type: connection
    Detail: Fetching
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): N/A

The operating system my web server runs on is (include version): N/A

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

Thanks for the support

1 Like

I'm not sure what your topic title has to do with your question, but open port 80 on your firewall.


Hi @bill69

How to create a TLS certificate with an Alternate name (SAN)

if you create a certificate, all domain names are in the SAN list of that certificate.

So that's not a problem.

1 Like

Ok great to know that.

Now how can I get the TLS certificate? I do not have any webserver running.
My VPN gateway setup is requiring to place cert and key files on specific folders they documented.

1 Like

Do what you did before, but open port 80 on your firewall first--as I already said.


Ok great I am a step further with my installation I have the TLS certificates

Do not understand why my security group on AWS was not working. I recreated it and now certbot ran very well until the end.

Thank you


I renamed your topic for the benefit of those who might run into a similar problem in the future.

1 Like

Yep for sure this was the real reason (AWS Security groups)

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.