Problem with a subdomain

I have a fresh install of Debian Buster and Apache.
I want to install HTTPS before installing software.
My subdomain is
The redirection seems to be correct, because if I call in a browser, I get the default Apache page.
I installed certbot with snap, following this guide.
The problem comes with
root@dolizelec:/etc# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): mymailadress

Please read the Terms of Service at You must
agree in order to register with the ACME server. Do you agree?

(Y)es/(N)o: y

Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.

(Y)es/(N)o: y
Account registered.
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel):
Requesting a certificate for
Performing the following challenges:
http-01 challenge for
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


  • The following errors were reported by the server:

    Type: connection
    Detail: Fetching
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Thanks for the help.

Hi @bensz


is your job. Your subdomain doesn't answer.

See your check, created this morning -

Domainname | Http-Status | redirect | Sec. | G
           | -14         |          | 10.037 | T
Timeout - The operation has timed out
           | -14         |          | 10.020 | T
Timeout - The operation has timed out

Only timeouts, no answer.

So Letsencrypt can't check your domain name.

A working port 80 + open firewall + correct router forward is required.


Thanks for your reply.
The thing I don't understand is reply.
If you call in a browser, you'll see the apache default page that I modified in /var/www/html/index.html

No, I see a timeout. And my online tool sees a timeout, same with Letsencrypt.

So it's a router or firewall problem if you see it.

Thank you.
I'll search

Which browser? Because Chrome, for example, tries the https version of a website if it can't connect over http, and in this case https works on your side.

I use firefox.

I'm using Firefox too (Windows and GNU/Linux) and I can't reach your site, so as @JuergenAuer said, it is a firewall/router problem.

I'm searching in my router.


Now I see an answer.

I changed a parameter in my router.
The problem is now
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


Then your Apache configuration is buggy.

What does this command say:

apachectl -S

root@dolizelec:~# apachectl -S
VirtualHost configuration:
*:80 dolizelec.zelec.lan (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/"
User: name="www-data" id=33
Group: name="www-data" id=33

There you see the next problem.

No port 80 vHost with your domain name. Create one.

Thanks for your help,

LE will follow redirection, so long as the ports are either 80 or 443.
Your current redirection would break LE redirection, as it is using 4433.

 curl -Iki
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 13 Jan 2021 09:50:56 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
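
The port rule from the post above, as an added example that is not part of the original thread: a checker that walks a redirect chain one hop at a time and stops at the first hop a validator limited to ports 80 and 443 would refuse. The `example.test` hostnames and the responses in `SAMPLE` are constructed, the function names are this example's own, and the 10-redirect limit is taken from Let's Encrypt's documentation rather than from the thread.

```python
import http.client, ssl
from urllib.parse import urlsplit, urljoin

ALLOWED_PORTS = {80, 443}  # the only redirect targets LE follows, per the thread
MAX_REDIRECTS = 10         # assumption from Let's Encrypt's docs, not from the thread

def port_of(url):
    u = urlsplit(url)
    return u.port or (443 if u.scheme == "https" else 80)

def fetch_head(url, timeout=10):
    """One HEAD request, redirects not followed, certificate unchecked (like curl -k)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    kw = {"context": ssl._create_unverified_context()} if u.scheme == "https" else {}
    conn = cls(u.hostname, port_of(url), timeout=timeout, **kw)
    try:
        conn.request("HEAD", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_chain(url, fetch=fetch_head):
    """Walk the redirect chain hop by hop; return (ok, reason, hops)."""
    hops = [url]
    for _ in range(MAX_REDIRECTS + 1):
        if urlsplit(url).scheme not in ("http", "https") or port_of(url) not in ALLOWED_PORTS:
            return False, f"not http/https on port 80 or 443: {url}", hops
        try:
            status, location = fetch(url)
        except OSError as exc:  # timeouts and refused connections land here
            return False, f"cannot connect to {url}: {exc}", hops
        if status not in (301, 302, 303, 307, 308) or not location:
            return True, f"chain ends with HTTP {status}", hops
        url = urljoin(url, location)
        hops.append(url)
    return False, "too many redirects", hops

PATH = "/.well-known/acme-challenge/test"
SAMPLE = {  # constructed responses, not captured from the thread's server
    "http://bad.example.test" + PATH: (301, "https://bad.example.test:4433" + PATH),
    "http://good.example.test" + PATH: (301, "https://good.example.test" + PATH),
    "https://good.example.test" + PATH: (404, None),
}

if __name__ == "__main__":
    for host in ("bad", "good"):
        print(check_chain(f"http://{host}.example.test{PATH}", SAMPLE.get))
```

Calling `check_chain(url)` without the second argument uses `fetch_head` against the live server; run it from outside the LAN, since the thread shows the inside view can differ from what the validator sees.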

Thanks for reply.
I know about this problem; I'm searching my router parameters to solve it.


It might not be the router that is doing that redirection.
I would follow port 80 through your router to where it port forwards to.
There is an nginx web server there that is doing this redirection.

The nginx server is my router.

Then can you review the nginx configuration - like with a normal web server?