Please help! Getting error, mostly firewall problem or acme-challenge

Dear Let's Encrypt,

I hope this message finds you well. I am reaching out regarding an issue I've encountered while attempting to install Let's Encrypt SSL certificates across several domains. Despite using both Certbot and Certify The Web software for the installation, I consistently encounter errors for all the specified domains listed below:

My objective is to secure these domains with Let's Encrypt SSL, yet my domain provider does not facilitate this process.

As these domains are hosted on my Windows Server 2022, obtaining SSL certificates for each domain through Let's Encrypt would be immensely beneficial. I kindly request your assistance in resolving this matter promptly or providing the necessary SSL certificates for the mentioned domains.

Your support in addressing this SSL installation challenge would be greatly appreciated. Please let me know if any further information or actions are required from my end to facilitate the resolution.

Thank you for your attention and assistance in advance.

Please help me!

1 Like

First, EFF has announced that they are dropping support for Windows in Certbot starting next month. You should not setup a new system on Windows relying on it.

As to error, your domain cannot be reached using HTTP (port 80) from the public internet. This is usually a firewall setting as indicated by the error message. Also check any port assignments and routing. The Let's Debug test site is often helpful to test comms connections on new setups.

As for some of your other domains, there looks to be significant problems with the DNS config. Simple lookups for an A record fail with SERVFAIL. Here is one tool to help review DNS


All tried but still get error in both certify the web and certbot

You have many problems. Focus on just

I get the same result from Let's Debug as before. If you checked all your comms setup then maybe your ISP does not allow connections using port 80. You should check with them.

We cannot "provide" them. You must request them using an ACME Client (like Certbot or Certify the Web).


The certificate authentication process chosen requires the Internet to reach your Windows server on port 80 [HTTP].
Something is stopping that from happening.

  • external firewall?
  • internal firewall?
  • your ISP?
  • incorrect NAT/port forwarding?
  • who knows?

There are generally two places you need to open port TCP 80 to enable http requests:

  • Your cloud server networking control panel (assuming you are using a cloud hosted server)
  • Windows firewall

You need to update both to allow http requests to reach your server on port 80, this is required for the default HTTP validation to work. Alternatively if supported you can use DNS validation instead but that's much more work than just using HTTP validation.

If you're not quite sure about how to open ports in general you should get advice from a local IT consultant to help you.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.