LetsEncrypt certificate request failed in nginx in CentOS 8 Stream

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: signage.daraz-it.lk

I ran this command:
sudo certbot --nginx

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?

1: signage.daraz-it.lk

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for signage.daraz-it.lk

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/signage.daraz-it.lk/fullchain.pem
Key is saved at: /etc/letsencrypt/live/signage.daraz-it.lk/privkey.pem
This certificate expires on 2024-01-22.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for signage.daraz-it.lk to /etc/nginx/sites-available/signage.daraz-it.lk
Congratulations! You have successfully enabled HTTPS on https://signage.daraz-it.lk
An unexpected error occurred:
requests.exceptions.SSLError: HTTPSConnectionPool(host='supporters.eff.org', port=443): Max retries exceeded with url: /subscribe/certbot (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

If you like Certbot, please consider supporting our work by:

My web server is (include version):
nginx version: nginx/1.14.1

The operating system my web server runs on is (include version):
CentOS 8 Stream. Kernal Release version 4.18.0-514.el8.x86_64

My hosting provider, if applicable, is:
Private Server

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No. I am using the direct SSH

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.22.0

from the log it should succeded at installing new certficate, but errored on eff mail subscribe, but I can't access your webserver because firewalled.


Adding to what @orangepizza said; here is what is see with nmap

$ nmap -Pn -p80,443 signage.daraz-it.lk
Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-24 16:04 UTC
Nmap scan report for signage.daraz-it.lk (
Host is up (0.30s latency).

80/tcp  open     http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 6.91 seconds

And here are a couple of online Port scanners that may assist

  1. Open Port Check Tool - Test Port Forwarding on Your Router
  2. TCP Port Scanner, Online Port Scan, Port Scanning | IPVoid
1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.