Manual mode: The server could not connect to the client to verify the domain

Please fill out the fields below so we can help you better.

My domain is:

I ran this command: certbot-auto certonly --manual

It produced this output: Failed authorization procedure. (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to

My operating system is (include version): CentOS 7

My web server is (include version): apache (but not used during process)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

When I try to request a certificate in manual mode from a host other than the one where the cert should be used (bot located behind a firewall), the command tells me that it cannot connect to my host.
I run split DNS, so the host where the certbot command is run resolves the internal IP of the host.
A public DNS record also exists for the host.
When requesting the certificate, I stop the Apache server on my target server and run the commands as specified by certbot. On the console of the target server I see:

$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer;
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler);
s.serve_forever()"
- - [04/Nov/2016 19:27:49] "GET /.well-known/acme-challenge/eVxGLWplJd7dWRy1IPjwZoEYziD6eNWm_L4rh5YJVIQ HTTP/1.1" 200 -

So the host where the certbot command is run is able to connect to my target server, and I know that the target server is also available from the outside on ports 80 and 443.

What is causing this issue, and how do I solve it?


Hi @bipsendk,

While you’re running the manual command, could you try running

curl -v

on another machine that’s not on the same LAN as the server?

I can connect to port 443. Port 80 times out.

Had forgotten to change NAT in my firewall to the new address. Thanks for the tip.
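An added example, not part of the thread: the 200 in the temporary server's log above only shows that some client fetched the challenge, and with split DNS that client can be a LAN host. This sketch parses SimpleHTTPServer-style log lines and reports whether any challenge fetch came from outside the internal ranges; the sample addresses, the token, and the choice of RFC 1918 plus loopback as "internal" are assumptions.

```python
import ipaddress
import re

# RFC 1918 and loopback ranges: a hit from these proves only LAN reachability.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# SimpleHTTPServer log format: <client> - - [<time>] "<request line>" <status> -
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'"GET (?P<path>/\.well-known/acme-challenge/\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def challenge_hits(lines):
    """Return (ip, status, internal?) for every ACME challenge request logged."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        try:
            internal = is_internal(m.group("ip"))
        except ValueError:  # client field is not an IP literal
            continue
        hits.append((m.group("ip"), int(m.group("status")), internal))
    return hits


def externally_validated(lines):
    """True only if a non-internal client fetched a challenge with status 200."""
    return any(status == 200 and not internal
               for _, status, internal in challenge_hits(lines))


# Constructed sample: addresses and token are made up for illustration.
LAN_ONLY = [
    '192.168.1.20 - - [04/Nov/2016 19:27:49] "GET /.well-known/acme-challenge/TOKEN HTTP/1.1" 200 -',
    '192.168.1.20 - - [04/Nov/2016 19:27:50] "GET /favicon.ico HTTP/1.1" 404 -',
]
WITH_VALIDATOR = LAN_ONLY + [
    '203.0.113.10 - - [04/Nov/2016 19:27:52] "GET /.well-known/acme-challenge/TOKEN HTTP/1.1" 200 -',
]

if __name__ == "__main__":
    print("LAN only:", externally_validated(LAN_ONLY))
    print("with validator:", externally_validated(WITH_VALIDATOR))
```

If only internal clients appear while the CA reports a connection error, the inbound path for port 80 (firewall rule, NAT target, public DNS record) is the place to look.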
