Help certbot my domain

My domain is:

I ran this command:
sudo certbot --nginx certonly -d

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Selected plugins: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification ...
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching .br/.well-known/acme-challenge/HTS2FA37WQVY93tXPAN4FLbz5UsJBOphkUwmSX9Bn3w: Timeout during connect (likely firewall problem)


  • The following errors were reported by the server:
    I tested another domain that redirects to the same server and it worked perfectly,
    with the same nginx rule and the same IP as the server.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):


The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 0.31.0


Your host isn't reachable on port 80 (nor on port 443 for that matter). This is required for the challenge. Please open port 80 in your firewall(s) and/or (NAT) router.

An alternative would be to use the dns-01 challenge, but that's way more difficult to set up in most circumstances.


Sorry for my ignorance, I can access port 80 by typing or, making a test

Status: active

To                Action  From

22/tcp            LIMIT   Anywhere
443/tcp           ALLOW   Anywhere
80/tcp            ALLOW   Anywhere
Nginx Full        ALLOW   Anywhere
22/tcp (v6)       LIMIT   Anywhere (v6)
443/tcp (v6)      ALLOW   Anywhere (v6)
80/tcp (v6)       ALLOW   Anywhere (v6)
Nginx Full (v6)   ALLOW   Anywhere (v6)

How could it release port 80 for certbot?

Thank you.


You can't, this is not an issue with certbot. Your site isn't accessible from the world wide web at all. You can check external sites such as to verify this.

Getting your site up and running for the world wide web is pretty much outside the scope of this Community I'm afraid.


Thank you, it is an iptables rule, I managed to solve it, congratulations...
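
Added example (not part of the original thread, and not certbot or ufw code): the poster reports that the cause was an iptables rule, although the ufw listing shows 80/tcp as allowed. The sketch below walks constructed `iptables -S` output in first-match order to show which rule decides a new connection to a given port; the sample ruleset and all function names are assumptions, since the thread never shows the actual rule.

```python
import shlex

# Constructed sample of `iptables -S` output (not from the thread): ufw's chain
# allows 80/443, but a hand-added DROP sits in INPUT ahead of the jump to it.
SAMPLE = """\
-P INPUT DROP
-N ufw-user-input
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -j ufw-user-input
-A ufw-user-input -p tcp -m multiport --dports 80,443 -j ACCEPT
"""

def parse_rules(dump):
    """Split the dump into per-chain ordered rule lists and built-in policies."""
    chains, policy = {}, {}
    for tok in map(shlex.split, dump.splitlines()):
        if tok[:1] == ["-P"]:
            policy[tok[1]] = tok[2]
        elif tok[:1] == ["-A"]:
            chains.setdefault(tok[1], []).append(tok[2:])
    return chains, policy

def opt(rule, flag):
    return rule[rule.index(flag) + 1] if flag in rule else None

def matches(rule, port):
    """Applies to a NEW inbound TCP connect to `port` from any source? ("!" unmodelled)"""
    state = opt(rule, "--ctstate")
    spec = opt(rule, "--dport") or opt(rule, "--dports")
    if ("!" in rule or opt(rule, "-p") not in (None, "tcp", "all")
            or opt(rule, "-i") == "lo" or opt(rule, "-s") not in (None, "0.0.0.0/0")
            or (state and "NEW" not in state.split(","))):
        return False
    return spec is None or any(int(lo) <= port <= int(hi or lo)
        for lo, _, hi in (p.partition(":") for p in spec.split(",")))

def verdict(chains, policy, port, chain="INPUT"):
    """First-match walk; (target, deciding rule), or None if a user chain falls through."""
    for rule in (r for r in chains.get(chain, []) if matches(r, port)):
        target = opt(rule, "-j")
        if target == "RETURN":
            break
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target, " ".join(rule)
        result = verdict(chains, policy, port, target) if target in chains else None
        if result:
            return result
    return (policy[chain], "chain policy") if chain in policy else None
```

On a real host, feed it the output of `sudo iptables -S`. A DROP verdict for port 80 that comes from a rule outside the ufw chains is consistent with the "Timeout during connect" error above.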


Welcome to the Let's Encrypt Community, Leandro 🙂

I agree with Osiris's findings.


I noticed a DigitalOcean name server. Are you using a load balancer?
