Problem on certbot dry run

Hi All,

I have a problem on running certbot command when I try to execute the certbot renew --dry-run -v this are the error show

certbot renew --dry-run -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Certificate not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Simulating renewal of an existing certificate for
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Type: connection
Detail: 203.177.XX.XX: Fetching Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Failed to renew certificate with error: Some challenges have failed.

All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

port 80, 443 is already open on the firewall, can anyone help me to troubleshoot the problem. Thanks

1 Like

Not enough; it's not reachable from the Internet:


Here is an online tool TCP Port Scanner, Online Port Scan, Port Scanning | IPVoid to do a port scan, it use the IP Address and not the Domain Name.
Also you will want to select Scan all common ports


Thanks @rg305 @Bruce5051

we already solved the problem, by opening port 80 on the appliance firewall


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.