How to find problem when Let's Encrypt failed

Hi, I want to find the problem, can someone help me?

I ran this command:

Create certificate (default settings)
It produced this output:

Output:

 Renewal [IIS] XXX, (any host) running prematurely due to source change in order Main
 Renewing [IIS] XXX, (any host)
 First chance error calling into ACME server, retrying with new nonce...
 Cached order has status invalid, discarding
 [XXX] Authorizing...
 [XXX] Authorizing using http-01 validation (SelfHosting)
 [XXX] Authorization result: invalid
 [XXX] {
  "type": "urn:ietf:params:acme:error:connection",
  "detail": "ZZZ.ZZZ.ZZZ.ZZZ: Fetching http://XXX/.well-known/acme-challenge/5I2g6XrdQheZOV5M954RSBMQGI3_vjQZ-n3rtfRos3Y: Timeout during connect (likely firewall problem)",
  "status": 400
}
 [XXX] Deactivating pending authorization

Welcome to the community @amira133

Your website cannot be reached from the public internet. The link below is very helpful when debugging new sites. You can re-run that test after you make changes to see if a cert request will work.
https://letsdebug.net

6 Likes

Thanks @MikeMcQ,
Maybe Let's Encrypt has blocked or sanctioned some domains?

1 Like

Well, that can happen. But, I don't see that this is unique to Let's Encrypt.

I cannot reach your domain server from my personal test server. And, this test site checks from several points around the world and cannot see it from any.

It looks more like a regular firewall problem. Can you reach your site using the public internet? Maybe try using a mobile phone with wifi turned off if you don't have other machines to test from.

Check any firewall to ensure port 80 is open to the public internet. You will also need port 443 open to use https:// connections to it after the certificate is set up.

4 Likes

If that were the case you would've received a different error, like here:

The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy

3 Likes
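
The difference between a connection timeout and a policy refusal, as discussed above, can be read from the `type` field of the ACME problem document (RFC 8555 error types). The following is an added example, not part of the original thread or of any ACME client's code: it extracts the problem JSON from client output shaped like the log in the first post and triages it. The function names, advice strings, shortened token and the policy sample are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

ACME_PREFIX = "urn:ietf:params:acme:error:"
# RFC 8555 error types relevant to this thread, with a next step (advice text is illustrative).
ADVICE = {
    "connection": "CA could not connect: check firewall/NAT/routing for the challenge port",
    "rejectedIdentifier": "CA refuses this name by policy: a network change will not help",
    "dns": "CA could not resolve the name: check public DNS records",
}
# Client output shaped like the log in the first post (token shortened to TOKEN).
SAMPLE_LOG = """\
 [XXX] Authorization result: invalid
 [XXX] {
  "type": "urn:ietf:params:acme:error:connection",
  "detail": "ZZZ.ZZZ.ZZZ.ZZZ: Fetching http://XXX/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)",
  "status": 400
}
 [XXX] Deactivating pending authorization
"""
# Constructed problem document for the policy case (detail text quoted from the thread).
POLICY = {"type": ACME_PREFIX + "rejectedIdentifier", "status": 400,
          "detail": "The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy"}

def extract_problems(log_text):
    """Pull JSON problem documents out of client output (blocks from '{' to '}')."""
    problems, buf = [], None
    for line in log_text.splitlines():
        stripped = line.strip()
        if buf is None and stripped.endswith("{"):
            buf = ["{"]  # drop the "[host]" prefix in front of the brace
        elif buf is not None:
            buf.append(stripped)
            if stripped == "}":
                problems.append(json.loads("\n".join(buf)))
                buf = None
    return problems

def triage(problem):
    """Classify one problem document and name the port the CA tried to reach."""
    t = problem.get("type", "")
    kind = t[len(ACME_PREFIX):] if t.startswith(ACME_PREFIX) else t
    result = {"kind": kind, "advice": ADVICE.get(kind, "see the detail field"), "port": None}
    match = re.search(r"Fetching (\S+?):\s", problem.get("detail", ""))
    if match:  # the URL in the detail shows which scheme/port must be reachable
        url = urlsplit(match.group(1))
        result["port"] = url.port or {"http": 80, "https": 443}.get(url.scheme)
    return result
```

Calling `triage(extract_problems(SAMPLE_LOG)[0])` reports a `connection` problem on port 80, while `triage(POLICY)` reports `rejectedIdentifier` with no port involved.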

Thanks @MikeMcQ @Nekit
Apparently, the problem is with the firewall, so I have to talk to the IT manager

3 Likes

@MikeMcQ Can you please edit your answer and remove the domain name from your answer?
Thanks

1 Like
