Getting cert failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:

certbot certonly --rsa-key-size 2048 --standalone --agree-tos --no-eff-email --email -d

It produced this output:

Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @ugandhar84

Where do you run Certbot? On that IP

If yes, it should work.

If not, it can’t work.

--standalone is hard to debug. Isn’t it possible to start a webserver there that you can use?

So you can test the webserver without running Certbot.

@JuergenAuer, agreed.
There is a valid nginx server already running on port 80.
Perfectly capable of handling the http auth request:

curl -Iki
HTTP/1.1 200
Server: nginx
Date: Sat, 19 Sep 2020 19:24:46 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Server: ip-172-31-21-235

But it seems to return 200 and this content for all requests:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "">

    <meta name="description" content="">
    <meta name="keywords" content="">
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <script type="text/javascript">
        var _gaq = _gaq || [];
        _gaq.push(['_setAccount', 'UA-23441223-3']);
        _gaq.push(['_setDomainName', 'none']);
        _gaq.push(['_setAllowLinker', true]);
        (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
            ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '';
            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  <frameset rows="*">
    <frame frameborder=0 src="" name="dot_tk_frame_content" scrolling="auto" noresize>

Oh, what’s that?

I’ve checked

there is a timeout.



Maybe the hoster blocks /.well-known/acme-challenge or it’s a proxy configuration.

It may be a Freenom parked page.

And now all the nameservers are missing:

nslookup -q=ns

        primary name server =
        responsible mail addr =
        serial  = 1600544051
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 5 (5 secs)


This must be a very newly registered domain name.

Domain registration shows 4 nameservers:

But they don’t have information for this domain…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
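
The checks made by hand in this thread (request the http-01 path without running Certbot, and notice a server that answers 200 for every path or times out), as an added Python example that is not part of any reply. `diagnose`, `http_fetch` and the probe file are hypothetical names, and it assumes a test file was placed under `/.well-known/acme-challenge/` on the web server beforehand.

```python
import secrets
import sys
import urllib.error
import urllib.request

ACME_PREFIX = "/.well-known/acme-challenge/"

def http_fetch(url, timeout=10):
    """GET url over plain HTTP; return (status, body), status None if unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:   # 4xx/5xx: a server did answer
        return err.code, err.read(4096)
    except OSError:                         # timeout, refused, DNS failure
        return None, b""

def diagnose(domain, token, expected, fetch=http_fetch):
    """Classify how http://<domain> answers the http-01 challenge path.

    token/expected: name and content of a probe file the operator placed in
    the challenge directory (assumption of this example).
    """
    base = "http://" + domain + ACME_PREFIX
    status, body = fetch(base + token)
    if status is None:
        return "unreachable"   # port 80 filtered, proxy issue, or DNS points elsewhere
    if status == 200 and body.strip() == expected.strip():
        return "ok"            # the validation server would see the same file
    # Ask for a random name that cannot exist; a healthy server answers 404.
    rstatus, _ = fetch(base + secrets.token_urlsafe(16))
    if rstatus == 200:
        return "catch-all"     # same page for every path, e.g. a parked page
    return "not-served"        # a server answers, but it does not hold the file

if __name__ == "__main__":
    # usage: python3 check_http01.py <domain> <probe-file-name> <probe-content>
    domain, token, expected = sys.argv[1:4]
    print(diagnose(domain, token, expected.encode()))
```
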