I am unable to create a certificate in Fedora 43 for my website. "Some challenges have failed."

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.kitosdomain.com

I ran this command: sudo certbot --apache -v

It produced this output:
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2
Requesting a certificate for www.kitosdomain.com
Performing the following challenges:
http-01 challenge for www.kitosdomain.com
Waiting for verification...
Challenge failed for domain www.kitosdomain.com
http-01 challenge for www.kitosdomain.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: www.kitosdomain.com
Type: connection
Detail: 24.172.29.130: Fetching http://www.kitosdomain.com/.well-known/acme-challenge/TIm7sCdxnMQqAYxK6pAV1jEcjkzujqaCrm2LWg7ZNBg: Error getting validation

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for
[root@kitoshomeserver MyHomeServerConfigsBackupNotes]# sudo certbot --apache -v

My web server is (include version):
[root@kitoshomeserver MyHomeServerConfigsBackupNotes]# httpd -v
Server version: Apache/2.4.66 (Fedora Linux)
Server built: Dec 9 2025 00:00:00
[root@kitoshomeserver MyHomeServerConfigsBackupNotes]#

The operating system my web server runs on is (include version):
[root@kitoshomeserver MyHomeServerConfigsBackupNotes]# cat /etc/redhat-release
Fedora release 43 (Forty Three)

My hosting provider, if applicable, is: Spectrum (Charter Communications)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): n/a

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): [root@kitoshomeserver MyHomeServerConfigsBackupNotes]# certbot --version
certbot 4.1.1

letsencrypt.log_old.txt (25.1 KB)
2026-01-11 16:42:32,524:DEBUG:certbot._internal.main:certbot version: 4.1.1
2026-01-11 16:42:32,524:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/sbin/certbot
2026-01-11 16:42:32,524:DEBUG:certbot._internal.main:Arguments: ['--apache', '-v']
2026-01-11 16:42:32,524:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2026-01-11 16:42:32,533:DEBUG:certbot._internal.log:Root logging level set at 20
2026-01-11 16:42:32,534:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2026-01-11 16:42:32,596:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.66
2026-01-11 16:42:32,985:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='apache', value='certbot_apache._internal.entrypoint:ENTRYPOINT', group='certbot.plugins')
Initialized: <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f3941b86ba0>
Prep: True
2026-01-11 16:42:32,985:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f3941b86ba0> and installer <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7f3941b86ba0>
2026-01-11 16:42:32,985:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2026-01-11 16:42:33,060:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2955412526', new_authzr_uri=None, terms_of_service=None), 3a11d45f9b534764e185000436950237, Meta(creation_dt=datetime.datetime(2026, 1, 11, 21, 26, 44, tzinfo=datetime.timezone.utc), creation_host='kitoshomeserver.kitosdomain.com', register_to_eff='kitojoseph@gmail.com'))>
2026-01-11 16:42:33,060:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2026-01-11 16:42:33,062:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2026-01-11 16:42:33,318:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1033
2026-01-11 16:42:33,319:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 11 Jan 2026 21:42:33 GMT
Content-Type: application/json
Content-Length: 1033
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"4cuOK-cknt4": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "Profiles - Let's Encrypt",
"shortlived": "Profiles - Let's Encrypt",
"tlsclient": "Profiles - Let's Encrypt",
"tlsserver": "Profiles - Let's Encrypt"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2026-01-11 16:42:33,320:DEBUG:certbot.util:Not suggesting name "127.0.0.1"
Traceback (most recent call last):
File "/usr/lib/python3.14/site-packages/certbot/util.py", line 395, in get_filtered_names
filtered_names.add(enforce_le_validity(name))
~~~~~~~~~~~~~~~~~~~^^^^^^
File "/usr/lib/python3.14/site-packages/certbot/util.py", line 583, in enforce_le_validity
domain = enforce_domain_sanity(domain)
File "/usr/lib/python3.14/site-packages/certbot/util.py", line 643, in enforce_domain_sanity
raise errors.ConfigurationError(
...<2 lines>...
"bare IP address.".format(domain))
certbot.errors.ConfigurationError: Requested name 127.0.0.1 is an IP address. The Let's Encrypt certificate authority will not issue certificates for a bare IP address.
2026-01-11 16:42:40,423:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for www.kitosdomain.com
2026-01-11 16:42:40,425:DEBUG:acme.client:Requesting fresh nonce
2026-01-11 16:42:40,425:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2026-01-11 16:42:40,493:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2026-01-11 16:42:40,493:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 11 Jan 2026 21:42:40 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: Pihtai8mraAWPmw2olcA478RsON3MfFVilXoVOsdMTsz3pox2Qo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2026-01-11 16:42:40,494:DEBUG:acme.client:Storing nonce: Pihtai8mraAWPmw2olcA478RsON3MfFVilXoVOsdMTsz3pox2Qo
2026-01-11 16:42:40,494:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "www.kitosdomain.com"\n }\n ]\n}'
2026-01-11 16:42:40,498:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2026-01-11 16:42:40,722:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 353
2026-01-11 16:42:40,723:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 11 Jan 2026 21:42:40 GMT
Content-Type: application/json
Content-Length: 353
Connection: keep-alive
Boulder-Requester: 2955412526
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2955412526/468503491646
Replay-Nonce: Pihtai8mhRUHcBwONLrHOBLf8uxJ7sDoASSmkrFfB46GG37Ahcs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2026-01-18T21:42:40Z",
"identifiers": [
{
"type": "dns",
"value": "www.kitosdomain.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/2955412526/641639778556"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2955412526/468503491646"
}
2026-01-11 16:42:40,723:DEBUG:acme.client:Storing nonce: Pihtai8mhRUHcBwONLrHOBLf8uxJ7sDoASSmkrFfB46GG37Ahcs
2026-01-11 16:42:40,724:DEBUG:acme.client:JWS payload:
b''
2026-01-11 16:42:40,726:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2955412526/641639778556:
2026-01-11 16:42:40,806:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2955412526/641639778556 HTTP/1.1" 200 827
2026-01-11 16:42:40,807:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 11 Jan 2026 21:42:40 GMT
Content-Type: application/json
Content-Length: 827
Connection: keep-alive
Boulder-Requester: 2955412526
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: lXCKneqJo02TVKy22LZF0vkuXvVfeDMgxQ5rSqyuFPmRn6V4pcI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.kitosdomain.com"
},
"status": "pending",
"expires": "2026-01-18T21:42:40Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2955412526/641639778556/iGw4fw",
"status": "pending",
"token": "TIm7sCdxnMQqAYxK6pAV1jEcjkzujqaCrm2LWg7ZNBg"
},
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2955412526/641639778556/6maOgA",
"status": "pending",
"token": "TIm7sCdxnMQqAYxK6pAV1jEcjkzujqaCrm2LWg7ZNBg"
},
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2955412526/641639778556/d6rP2w",
"status": "pending",
"token": "TIm7sCdxnMQqAYxK6pAV1jEcjkzujqaCrm2LWg7ZNBg"
}
]
}
2026-01-11 16:42:40,807:DEBUG:acme.client:Storing nonce: lXCKneqJo02TVKy22LZF0vkuXvVfeDMgxQ5rSqyuFPmRn6V4pcI
2026-01-11 16:42:40,808:INFO:certbot._internal.auth_handler:Performing the following challenges:
2026-01-11 16:42:40,808:INFO:certbot._internal.auth_handler:http-01 challenge for www.kitosdomain.com
2026-01-11 16:42:40,855:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: www.kitosdomain.com in: /etc/httpd/conf.d/kitosdomain.conf
2026-01-11 16:42:40,856:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: None in: /etc/httpd/conf.d/ssl.conf
2026-01-11 16:42:40,856:DEBUG:certbot_apache.internal.http_01:writing a pre config file with text:
RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-
=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]

2026-01-11 16:42:40,857:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
RewriteEngine on
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted

<Location /.well-known/acme-challenge>
Require all granted

2026-01-11 16:42:40,924:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf.d/kitosdomain.conf
2026-01-11 16:42:40,925:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf.d/ssl.conf
2026-01-11 16:42:44,051:DEBUG:acme.client:JWS payload:
b'{}'
2026-01-11 16:42:44,053:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2955412526/641639778556/d6rP2w:
2026-01-11 16:42:44,190:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/2955412526/641639778556/d6rP2w HTTP/1.1" 200 195
2026-01-11 16:42:44,190:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 11 Jan 2026 21:42:44 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 2955412526
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz/2955412526/641639778556;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/2955412526/641639778556/d6rP2w
Replay-Nonce: Pihtai8mBRsmA3U5WbF-HSNHSSlEmp8K6KINHiqITUdWpdhliRQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2955412526/641639778556/d6rP2w",
"status": "pending",
"token": "TIm7sCdxnMQqAYxK6pAV1jEcjkzujqaCrm2LWg7ZNBg"
}
2026-01-11 16:42:44,190:DEBUG:acme.client:Storing nonce: Pihtai8mBRsmA3U5WbF-HSNHSSlEmp8K6KINHiqITUdWpdhliRQ
2026-01-11 16:42:44,191:INFO:certbot.internal.auth_handler:Waiting for verification...
2026-01-11 16:42:45,191:DEBUG:acme.client:JWS payload:
b''
2026-01-11 16:42:45,193:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2955412526/641639778556:
2026-01-11 16:42:45,267:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2955412526/641639778556 HTTP/1.1" 200 827
2026-01-11 16:42:45,268:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 11 Jan 2026 21:42:45 GMT
Content-Type: application/json
Content-Length: 827
Connection: keep-alive
Boulder-Requester: 2955412526
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: Pihtai8mG-AIVVlOKN5ZxKIXBRObkU7LmvvzoRCYC3GGoiS1tKU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.kitosdomain.com"
},
"status": "pending",
"expires": "2026-01-18T21:42:40Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2955412526/641639778556/d6rP2w",
"status": "pending",
"token": "TIm7sCdxnMQqAYxK6pAV1jEcjkzujqaCrm2LWg7ZNBg"
},
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2955412526/641639778556/6maOgA",
"status": "pending",
"token": "TIm7sCdxnMQqAYxK6pAV1jEcjkzujqaCrm2LWg7ZNBg"
},
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2955412526/641639778556/iGw4fw",
"status": "pending",
"token": "TIm7sCdxnMQqAYxK6pAV1jEcjkzujqaCrm2LWg7ZNBg"
}
]
}
2026-01-11 16:42:45,268:DEBUG:acme.client:Storing nonce: Pihtai8mG-AIVVlOKN5ZxKIXBRObkU7LmvvzoRCYC3GGoiS1tKU
2026-01-11 16:42:48,269:DEBUG:acme.client:JWS payload:
b''
2026-01-11 16:42:48,271:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2955412526/641639778556:
2026-01-11 16:42:48,353:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2955412526/641639778556 HTTP/1.1" 200 1063
2026-01-11 16:42:48,353:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 11 Jan 2026 21:42:48 GMT
Content-Type: application/json
Content-Length: 1063
Connection: keep-alive
Boulder-Requester: 2955412526
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: lXCKneqJm6Y30BELPFFvUiP49iPYrp2DvxxE_HN6tnlv1j-1enc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.kitosdomain.com"
},
"status": "invalid",
"expires": "2026-01-18T21:42:40Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2955412526/641639778556/d6rP2w",
"status": "invalid",
"validated": "2026-01-11T21:42:44Z",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "24.172.29.130: Fetching http://www.kitosdomain.com/.well-known/acme-challenge/TIm7sCdxnMQqAYxK6pAV1jEcjkzujqaCrm2LWg7ZNBg: Error getting validation data",
"status": 400
},
"token": "TIm7sCdxnMQqAYxK6pAV1jEcjkzujqaCrm2LWg7ZNBg",
"validationRecord": [
{
"url": "http://www.kitosdomain.com/.well-known/acme-challenge/TIm7sCdxnMQqAYxK6pAV1jEcjkzujqaCrm2LWg7ZNBg",
"hostname": "www.kitosdomain.com",
"port": "80",
"addressesResolved": [
"24.172.29.130"
],
"addressUsed": "24.172.29.130"
}
]
}
]
}
2026-01-11 16:42:48,354:DEBUG:acme.client:Storing nonce: lXCKneqJm6Y30BELPFFvUiP49iPYrp2DvxxE_HN6tnlv1j-1enc
2026-01-11 16:42:48,354:INFO:certbot._internal.auth_handler:Challenge failed for domain www.kitosdomain.com
2026-01-11 16:42:48,355:INFO:certbot._internal.auth_handler:http-01 challenge for www.kitosdomain.com
2026-01-11 16:42:48,355:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: www.kitosdomain.com
Type: connection
Detail: 24.172.29.130: Fetching http://www.kitosdomain.com/.well-known/acme-challenge/TIm7sCdxnMQqAYxK6pAV1jEcjkzujqaCrm2LWg7ZNBg: Error getting validation data

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

2026-01-11 16:42:48,357:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3.14/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-01-11 16:42:48,357:DEBUG:certbot._internal.error_handler:Calling registered functions
2026-01-11 16:42:48,357:INFO:certbot._internal.auth_handler:Cleaning up challenges
2026-01-11 16:42:48,498:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/sbin/certbot", line 8, in
sys.exit(main())
~~~~^^
File "/usr/lib/python3.14/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
~~~~~~~~~~~~~~~~~~^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/certbot/_internal/main.py", line 1879, in main
return config.func(config, plugins)
~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/certbot/_internal/main.py", line 1435, in run
new_lineage = _get_and_save_cert(le_client, config, domains,
certname, lineage)
File "/usr/lib/python3.14/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3.14/site-packages/certbot/_internal/client.py", line 524, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^
File "/usr/lib/python3.14/site-packages/certbot/_internal/client.py", line 425, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3.14/site-packages/certbot/_internal/client.py", line 503, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/usr/lib/python3.14/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.14/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2026-01-11 16:42:48,501:ERROR:certbot._internal.log:Some challenges have failed.

I'm unable to connect to your website. Have you checked that the IP address is correct (is your server still at 24.172.29.130), and have you allowed connections on TCP port 80?

1 Like

Yes, unless I have some configuration not working properly or port forwarding is not working properly on my router. It is saying as a new user I can't upload the network diagram and supporting documentation to get this issue resolved. I will try to find another way.

I'm currently getting ICMP host unreachable packets whenever I try to connect to 24.172.29.130:80.
Can your home web server access the Internet, and what IP prefixes are you using for your LAN? You might have to add 192.168.100.0/24 to your router's routes.

Thanks for the response. Based off the graphic, which routers do I add that route to, and for educational purposes, why would I have to add a route if port forwarding is enabled (doesn't the router already imply that)?

Hello @otikkito,

Using the online tool Let's Debug yields these results.
https://letsdebug.net/www.kitosdomain.com/2682111

And here Permanent link to this check report gets results of "Connection timed out" and "No route to host".

1 Like

Yes, it can access the internet via NAT within my home router. Do you have another web server where I can test, send a packet, or try to reach behind my NAT and from the homeserver where I want to host?

Try this Open Port Check Tool - Test Port Forwarding on Your Router.



I sit behind a Spectrum cable modem --> Spectrum router --> TP-Link router with port forwarding enabled. The Spectrum products, I don't know how much configuration is adjustable, and that is what I am troubleshooting. I can access the sites within my LAN but not externally (via the internet). I have an external internet remote jump box, which I can access some of the services listed in the graphic, but not web services.

Here are a couple of traceroutes from my Portland, Oregon metro area location
to www.kitosdomain.com

$ sudo traceroute -T -p 80 www.kitosdomain.com
traceroute to www.kitosdomain.com (24.172.29.130), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.201 ms  0.133 ms  0.227 ms
 2  100.93.173.195 (100.93.173.195)  10.966 ms 100.93.173.194 (100.93.173.194)  10.945 ms *
 3  po-330-352-rur202.beaverton.or.bverton.comcast.net (162.151.215.25)  10.836 ms po-330-351-rur201.beaverton.or.bverton.comcast.net (162.151.215.17)  10.816 ms *
 4  * po-2-rur202.beaverton.or.bverton.comcast.net (24.124.129.106)  10.724 ms *
 5  po-200-xar02.beaverton.or.bverton.comcast.net (96.216.60.165)  14.843 ms * *
 6  po-2-xar01.beaverton.or.bverton.comcast.net (24.124.129.61)  14.757 ms * *
 7  ae-69-ar01.beaverton.or.bverton.comcast.net (96.216.60.157)  18.741 ms * *
 8  be-36241-cs04.portland.or.ibone.comcast.net (68.86.94.205)  9.864 ms * *
 9  * * be-2113-pe13.9greatoaks.ca.ibone.comcast.net (96.110.40.210)  28.372 ms
10  * * *
11  * * *
12  lag-14.chcgildt87w-bcr00.netops.charter.com (66.109.6.15)  77.988 ms  80.733 ms  80.765 ms
13  lag-402.bcr01nsvntnjy.netops.charter.com (107.14.19.196)  77.908 ms lag-14.chcgildt87w-bcr00.netops.charter.com (66.109.6.15)  78.604 ms  78.551 ms
14  lag-403.atldga10ds1-bcr00.netops.charter.com (107.14.19.195)  87.468 ms lag-402.bcr01nsvntnjy.netops.charter.com (107.14.19.196)  82.292 ms lag-502.bcr01nsvntnjy.netops.charter.com (66.109.6.119)  80.273 ms
15  lag-828-10.rcr01chrcnctr.netops.charter.com (66.109.3.175)  88.744 ms lag-826-10.rcr01chrcnctr.netops.charter.com (66.109.3.167)  86.660 ms lag-405.atldga10ds1-bcr00.netops.charter.com (24.58.104.6)  78.754 ms
16  lag-1.apexncco01r.netops.charter.com (24.93.64.187)  89.714 ms lag-826-10.rcr01chrcnctr.netops.charter.com (66.109.3.167)  83.835 ms lag-1.apexncco01r.netops.charter.com (24.93.64.187)  88.954 ms
17  lag-1.hcr02apexncco.netops.charter.com (24.25.55.209)  86.675 ms lag-1.apexncco01r.netops.charter.com (24.93.64.187)  90.657 ms  89.479 ms
18  lag-19.apexncco02h.netops.charter.com (24.25.55.179)  93.236 ms  92.801 ms lag-1.hcr02apexncco.netops.charter.com (24.25.55.209)  90.121 ms
19  syn-174-111-102-195.inf.spectrum.com (174.111.102.195)  90.986 ms lag-19.apexncco02h.netops.charter.com (24.25.55.179)  92.306 ms syn-174-111-102-195.inf.spectrum.com (174.111.102.195)  88.253 ms
20  syn-174-111-102-195.inf.spectrum.com (174.111.102.195)  90.213 ms syn-024-172-029-130.biz.spectrum.com (24.172.29.130)  100.048 ms  101.035 ms
21  syn-024-172-029-130.biz.spectrum.com (24.172.29.130)  100.867 ms  104.678 ms  105.035 ms
22  syn-024-172-029-130.biz.spectrum.com (24.172.29.130)  3217.837 ms !H  3217.005 ms !H  3209.890 ms !H
$ sudo traceroute -T -p 443 www.kitosdomain.com
traceroute to www.kitosdomain.com (24.172.29.130), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.252 ms  0.172 ms  0.148 ms
 2  100.93.173.194 (100.93.173.194)  10.611 ms  10.592 ms  10.765 ms
 3  po-330-352-rur202.beaverton.or.bverton.comcast.net (162.151.215.25)  10.744 ms  10.724 ms  10.511 ms
 4  po-200-xar02.beaverton.or.bverton.comcast.net (96.216.60.165)  10.490 ms * *
 5  po-200-xar02.beaverton.or.bverton.comcast.net (96.216.60.165)  14.553 ms  14.532 ms po-2-xar01.beaverton.or.bverton.comcast.net (24.124.129.61)  14.802 ms
 6  ae-69-ar01.beaverton.or.bverton.comcast.net (96.216.60.157)  14.782 ms po-2-xar01.beaverton.or.bverton.comcast.net (24.124.129.61)  13.674 ms  13.590 ms
 7  ae-69-ar01.beaverton.or.bverton.comcast.net (96.216.60.157)  13.827 ms  8.528 ms  8.351 ms
 8  be-36231-cs03.portland.or.ibone.comcast.net (68.86.94.201)  13.307 ms be-36221-cs02.portland.or.ibone.comcast.net (68.86.94.197)  13.117 ms be-36241-cs04.portland.or.ibone.comcast.net (68.86.94.205)  12.985 ms
 9  * * be-2113-pe13.9greatoaks.ca.ibone.comcast.net (96.110.40.210)  23.281 ms
10  * lag-13.snjucacl67w-bcr00.netops.charter.com (66.109.5.132)  85.565 ms  85.552 ms
11  * * *
12  lag-14.chcgildt87w-bcr00.netops.charter.com (66.109.6.15)  83.720 ms  84.197 ms  82.983 ms
13  lag-14.chcgildt87w-bcr00.netops.charter.com (66.109.6.15)  94.403 ms  82.895 ms lag-502.bcr01nsvntnjy.netops.charter.com (66.109.6.119)  80.814 ms
14  lag-403.atldga10ds1-bcr00.netops.charter.com (107.14.19.195)  80.330 ms lag-502.bcr01nsvntnjy.netops.charter.com (66.109.6.119)  80.792 ms lag-402.bcr01nsvntnjy.netops.charter.com (107.14.19.196)  80.641 ms
15  lag-405.atldga10ds1-bcr00.netops.charter.com (24.58.104.6)  80.300 ms lag-403.atldga10ds1-bcr00.netops.charter.com (107.14.19.195)  80.085 ms lag-405.atldga10ds1-bcr00.netops.charter.com (24.58.104.6)  79.655 ms
16  lag-824-10.rcr01chrcnctr.netops.charter.com (66.109.3.173)  84.993 ms lag-822-10.rcr01chrcnctr.netops.charter.com (66.109.3.67)  84.930 ms lag-820-10.rcr01chrcnctr.netops.charter.com (66.109.3.165)  96.196 ms
17  lag-1.hcr02apexncco.netops.charter.com (24.25.55.209)  98.858 ms lag-1.apexncco01r.netops.charter.com (24.93.64.187)  101.761 ms  101.697 ms
18  lag-1.hcr02apexncco.netops.charter.com (24.25.55.209)  90.998 ms  91.265 ms lag-19.apexncco02h.netops.charter.com (24.25.55.179)  93.866 ms
19  lag-19.apexncco02h.netops.charter.com (24.25.55.179)  93.201 ms syn-174-111-102-195.inf.spectrum.com (174.111.102.195)  91.358 ms  91.087 ms
20  syn-024-172-029-130.biz.spectrum.com (24.172.29.130)  97.532 ms syn-174-111-102-195.inf.spectrum.com (174.111.102.195)  86.663 ms syn-024-172-029-130.biz.spectrum.com (24.172.29.130)  110.818 ms
21  syn-024-172-029-130.biz.spectrum.com (24.172.29.130)  103.479 ms  105.124 ms *
22  syn-024-172-029-130.biz.spectrum.com (24.172.29.130)  3134.360 ms !H  3131.027 ms !H  3120.982 ms !H

Thanks for the help so far. I have a ticket open with TP-Link and should speak with them tomorrow. Some ports are open, some services are working remotely, but the web server is not, and there is an inability to create a Let's Encrypt certificate.

Spectrum Business is my ISP.

How to secure my website with SSL on Fedora Linux 43, secure Bugzilla while using a valid internet certificate, how much would it cost, and simple step-by-step instructions on how to do this for my homeserver?

Just to recap ... you are using the --apache option with Certbot which uses an HTTP Challenge to prove you control that domain. You must satisfy this challenge before Let's Encrypt will issue a certificate.

But, any HTTP request (on port 80) to your system is failing. This prevents the challenge from succeeding. This problem is affecting all requests to your system not just this challenge.

You must get HTTP requests on port 80 working first.

You have been shown many testing tools to check that and they all show the same problem.

Given what you recently posted I would double-check that your Spectrum admin panel is set properly for HTTP and HTTPS.

But, we are not a general-purpose help forum for setting up network connections. You should work with Spectrum support and/or TP-Link to learn how to have your Apache server respond to HTTP requests. Maybe even visit an Apache support forum. Your problems are not related to Let's Encrypt. Once you can see your default Apache page using http://www.kitosdomain.com then your request to get a cert should work fine.

2 Likes
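The recap above separates "the CA could not reach port 80" from "Apache answered with the wrong content", and the error type in the Certbot debug log makes the same distinction. As an added example (not part of the thread and not Certbot's own code), this Python script pulls the invalid authorization out of a `letsencrypt.log`-style debug log and maps the RFC 8555 error type to the layer where validation stopped; the sample log, domain, address and token are constructed, and the `LAYER` wording is this example's own.

```python
import json

ACME_ERR_PREFIX = "urn:ietf:params:acme:error:"

# Where validation stopped, keyed by RFC 8555 error type (wording is this example's).
LAYER = {
    "dns": "name resolution: the CA could not resolve the domain",
    "connection": "network path: the name resolved but the CA could not complete "
                  "a connection (firewall, port forwarding, ISP filtering)",
    "tls": "TLS handshake: the CA connected but the handshake failed",
    "unauthorized": "web server: the CA connected but did not get the expected "
                    "challenge response (wrong vhost, redirect, rewrite)",
    "caa": "DNS policy: a CAA record forbids issuance by this CA",
}

# Constructed sample in the shape of a Certbot debug log (not the log from the thread).
SAMPLE_LOG = """2026-01-01 00:00:00,000:DEBUG:acme.client:Sending POST request to https://acme.example/authz/1:
{
  "protected": "PLACEHOLDER",
  "signature": "PLACEHOLDER",
  "payload": ""
}
2026-01-01 00:00:00,100:DEBUG:acme.client:Received response:
HTTP 200
Content-Type: application/json

{
  "identifier": {"type": "dns", "value": "www.example.com"},
  "status": "pending",
  "challenges": [
    {"type": "http-01", "status": "pending", "token": "CONSTRUCTED-TOKEN"}
  ]
}
2026-01-01 00:00:03,000:DEBUG:acme.client:Received response:
HTTP 200

{
  "identifier": {"type": "dns", "value": "www.example.com"},
  "status": "invalid",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "203.0.113.10: Fetching http://www.example.com/.well-known/acme-challenge/CONSTRUCTED-TOKEN: Error getting validation data",
        "status": 400
      },
      "validationRecord": [
        {"hostname": "www.example.com", "port": "80",
         "addressesResolved": ["203.0.113.10"], "addressUsed": "203.0.113.10"}
      ]
    },
    {"type": "dns-01", "status": "pending", "token": "CONSTRUCTED-TOKEN"}
  ]
}
2026-01-01 00:00:03,001:INFO:certbot._internal.auth_handler:Challenge failed for domain www.example.com
"""


def iter_json_objects(log_text):
    """Yield each top-level JSON object that starts at the beginning of a line."""
    decoder = json.JSONDecoder()
    pos = 0
    while True:
        start = log_text.find("{", pos)
        if start == -1:
            return
        # Request and response bodies begin on their own line; skip inline braces.
        if start > 0 and log_text[start - 1] != "\n":
            pos = start + 1
            continue
        try:
            obj, end = decoder.raw_decode(log_text, start)
        except json.JSONDecodeError:
            pos = start + 1
            continue
        if isinstance(obj, dict):
            yield obj
        pos = end  # jump past the whole object so nested braces are not rescanned


def failed_validations(log_text):
    """Return one finding per failed challenge in any invalid authorization."""
    findings = []
    for obj in iter_json_objects(log_text):
        if obj.get("status") != "invalid" or "challenges" not in obj:
            continue
        for challenge in obj["challenges"]:
            error = challenge.get("error")
            if challenge.get("status") != "invalid" or not error:
                continue
            kind = error.get("type", "").removeprefix(ACME_ERR_PREFIX)
            records = challenge.get("validationRecord", [])
            last = records[-1] if records else {}  # last hop after any redirects
            findings.append({
                "domain": obj.get("identifier", {}).get("value"),
                "challenge": challenge.get("type"),
                "error": kind,
                "address": last.get("addressUsed"),
                "port": last.get("port"),
                "layer": LAYER.get(kind, "see the CA's detail message"),
            })
    return findings


if __name__ == "__main__":
    for f in failed_validations(SAMPLE_LOG):
        print(f"{f['domain']} {f['challenge']} via {f['address']}:{f['port']}")
        print(f"  {f['error']} -> {f['layer']}")
```

A `connection` finding means the request never reached the web server, so the fix lies in routing, NAT or filtering rather than in the Apache or Certbot configuration.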

As I worked in IT and technical support, everyone is saying it's not their issue and I don't have specific expertise domain knowledge to definitely say what is what. I will take your advice and link it to each person forum you told me to reach out to. Thanks for the advice.

1 Like