Nginx with Docker. Certbot failed to authenticate some domains. Connection refused

I'm new to Docker and and Certbot and have following error, but not sure why the connection is being refused... Any ideas?

My domain is:

I ran this command:
docker-compose -f run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d

It produced this output:
Account registered.
Requesting a certificate for

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Type: connection
Detail: Fetching Connection refused

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no I'm using Docker

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.29.0

Hi @sudo_sudo, and welcome to the LE community forum :slight_smile:

The HTTP connection was refused.
Is your HTTP site available from the Internet?


It was accessible via domain name, but since I have added this file to the root folder:


and these lines of code to the docker-compose file it is not accessible anymore:

      - 443:443
      - ./nginx/conf/:/etc/nginx/conf.d/:ro 
      - ./certbot/www:/var/www/certbot/:ro 
    restart: unless-stopped

    image: certbot/certbot:latest 
      - ./certbot/www/:/var/www/certbot/:rw

The Nginx config file is on the right side of the screenshot, but not sure if it is correct...

Please show this file:

server {
    listen 80;
    listen [::]:80;

    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;

    location / {
        return 301$request_uri;

server {
    listen 443 default_server ssl http2;
    listen [::]:443 ssl http2;


    ssl_certificate /etc/nginx/ssl/live/;
    ssl_certificate_key /etc/nginx/ssl/live/;
    location / {
    	try_files $uri $uri/ =404;

That can only be used once in the entire configuration.
Why did you use it there?
Doesn't that already exist elsewhere?

Also, HTTP redirects to HTTPS.
HTTPS has no root path.

It says "try_files" - try them where?


Thanks for your time! It seems to be rather a wrong Nginx configuration than a certbot issue...

About this:


I have found a config file on the bottom of the following website and and have adapted it as good as I can to my URL.

About this:


I have found it in the example of DigitalOcean but don't know what it means.

1 Like

Keep looking...
Until you come across the "root" directive.
Then use that one too.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.