Moved server from one vps to another on oracle cloud and now I can't get certbot to create cert

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

NOTE: I can use telnet to verify that port 80 and 443 are open. I shutdown the process before using certbot.

My domain is:
I ran this command:
sudo certbot certonly --standalone
It produced this output:>

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel):
Requesting a certificate for

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Type: connection
Detail: Fetching Error getting validation data

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/
letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
not using a web server per se. running a derp server in a docker container

The operating system my web server runs on is (include version):
ubuntu 22.04
My hosting provider, if applicable, is:
oracle cloud
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.9.0

I guess we should take nothing for granted.
On that system. what shows?:
curl -4

This is the ip address in my A record pointer.

Also pinging url

PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=63 time=0.345 ms
64 bytes from ( icmp_seq=2 ttl=63 time=0.464 ms

That's good.

OK, now let's try:
sudo certbot certonly --standalone -d --debug-challenges

That should pause the process midway.
Do NOT hit enter [yet]
Let me know when it is ready and waiting.


Just executed command and got to

Press Enter to Continue

Sorry, I don't see anything answering.
If you stopped it, do it again.


just now started it again 1236 cdt

Sorry, I still don't see anything answering.
Maybe you can test it yourself from another system over the Internet.
I would simply try:
curl -Ii

1 Like

Ok I’ll try.
I can see that it is listening on 80 from another ssh connection so I don’t know what the problem is.

I tried the curl and it failed

I did this

PS C:\Users\brook> telnet 80
Connecting To

but it just hangs

just for laughs

PS C:\Users\brook> telnet 22
Connecting To

the above makes a connection

I am looking at the Oracle Cloud Default Security List for my account and I allow 443 80 22 and some udp stuff through.

I'll let you know if I figure out anything - mostly by changing things and see what happens.

This used to work on the other instance I had setup. I am trying to move to a different processor. Going from intel to something like an ARM but not the same brand.

no luck changing anything on the Security list.
I shut down the certbot and started the app which is listening on 80 and 443

Here's what I see when I curl each.


Client sent an HTTP request to an HTTPS server.

so the ports are open and can talk to the application just not certbot.

I forgot here's the one you requested:

curl -Ii
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Date: Thu, 21 Mar 2024 19:12:35 GMT

tried caddy and got the exact same message.

this has got to be a Oracle problem.

I'll check back when if I figure it out.

1 Like

Well that is unexpected.
[certbot in --standalone mode would not redirect]
Something is grabbing the HTTP ACME requests before it reaches the client.


I did find that oracle cloud instances don't like ufw

And this seems likely for the latest version too. In my first try at this that worked I was using instructions that said I should install firewalld to manage the firewall which i did. I am in the middle of trying out firewalld to solve the problem. However, during the install process my instance crashed. Trying to recover now.

A lot to go through for a free vps.

1 Like

Presently I see Ports 80 & 443 filtered (i.e. blocked) from the viewpoint of the Internet.
Do you have a firewall and/or router filtering or blocking or dropping on TCP Ports 80 & 443?

$ nmap -Pn -p80,443
Starting Nmap 7.80 ( ) at 2024-03-21 23:49 UTC
Nmap scan report for (
Host is up.

80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.50 seconds
1 Like

yes I do that is the problem. I wanted to use ufw but that is not possible in the oracle cloud instances so now I am getting up to speed on iptables. I wanted to install firewalld but that crashed my other test system. Now I am working on getting iptables to open 80 and 443 and other ports I need for my project.

You may want see if firehol is to your liking. I moved to firehol from ufw many years ago and still use it.


I found this extremely cool:
dnsbl · firehol/firehol Wiki · GitHub

Thanks for the tip.


FYI - @mooncaptain Presently I see Ports 80 & 443 CLOSED

$ nmap -Pn -p80,443
Starting Nmap 7.80 ( ) at 2024-03-22 02:33 UTC
Nmap scan report for (
Host is up (0.057s latency).

80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds
1 Like

looks like a good firewall management system. the iptables on all the oracle cloud infrastructure linux boxes is tightly integrated with their cloud network. I would have to build all that from scratch in firehol so probably not going to do that in this instance. I have already opened up all the necessary ports using iptables. I seem to remember doing all this years ago - it looks a lot like how a mikrotik router gets programmed.

I haven't got my server working but I do have the certificates all loaded and the connection is encrypted.

The solution for Oracle Cloud infrastructure boxes is don't use ufw it doesn't work. Use iptables instead to open ports.