Inability to Renew SSL certificate on Ubuntu 18.04, Apache tomcat 8.5.58

I have been trying to renew my expired ssl certificate on a vm in google cloud, O.S is Ubuntu 8.08 and webserver runs on Apache tomcat 8.5.58. I used the code:

sudo certbot certonly --force-renewal --apache -n -d [CERTIFICATE_NAME]

The result of the above code run is as below, with error codes:

root@ksdev-nnb-org-1:/app/apache-tomcat-8.5.58/bin# sudo certbot --force-renewal --apache -n -d
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:connection :: The server could
not connect to the client to verify the domain :: Fetching
SYhfPTAeUvJ0CAFmxGB6-v2hDoqO9E3yrMZE: Error getting validation data

  • The following errors were reported by the server:
    Type: connection
    Detail: Fetching
    Error getting validation data
    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided

Could anyone please provide urgent solutions to this problem for me?

Please don't use that option. It doesn't help when errors present and it can lead to running into rate limits if you're not careful.

Also, the server listening on that hostname presents itself as "Nginx"? It seems I'm getting a "This website is for sale" parking site.. Not much we can help you with if the requests for your hostname aren't actually going to your server.

1 Like

It is an apache server. I'm sorry, I decided not to give real hostname for privacy reason. So what option should I use please?

Hi @olusola

the domain name is required. A domain is public, there is no privacy.


The failed request is in HTTPS, which means it must have heard a redirection.
Because the original request is always HTTP.

But all that may be mute, as you are running:

And that needs to be handled quite differently than regular Apache.

"Error getting validation data" is the catch-all error in the Let's Encrypt CA code when there was a network problem on connecting to your site. (In particular, it's used when Let's Encrypt hasn't written code that detects and reports a more specific error reason.)

Without knowing your domain name we (the Let's Encrypt community) can't do our own tests to figure out exactly what the problem is. It could be a firewall, IPv4/IPv6, or DNS error.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.