"GET / HTTP/1.1" from Let's Encrypt server and it is refusing certificate renewal

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: none.your.business

I ran this command:
certbot certonly ...

It produced this output:
The following errors were reported by the server:
Detail: Fetching https://
Connection reset by peer

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

OK why the hell did you start GETting "/" instead of just looking at "/.well-known/acme-challenge/"? This is none of your business and your client should look ONLY at "/.well-known/acme-challenge/" and not "/".
"GET / HTTP/1.1"
"Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

  1. Certbot is sending "GET /"
  2. Redirected to https://
  3. Certbot blocked because it is none of your business
  4. Certbot refused to generate certificate

Expected result:

Certbot GET ONLY at /.well-known/acme-challenge/ and nothing more!

Your server sent an HTTP 3xx redirect from /.well-known/acme-challenge/xxx to /.

Let's Encrypt will follow redirects.


Let me guess...

  • Apache ?

Let me keep guessing...

  • First certificate on that system?
  • First ever certificate?

There is little for anyone to help you with.
Given the little nonexistent information provided.

Did you review the Apache logs to see if there were any requests prior to the "get /" ?
I'm pretty sure that's how the ACME protocol works for the other 2M users.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.