Problem with certificate - renew using certbot renew


Please, I need your help. I have a problem with renewing my existing certificate with certbot.

I ran this command: certbot renew

It produced this output:
certbot renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Cert is due for renewal, auto-renewing…

Plugins selected: Authenticator webroot, Installer None

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for

Waiting for verification…

Cleaning up challenges

Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Failed authorization procedure. (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching Timeout during connect (likely firewall problem). Skipping

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/ (failure)

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)


  • The following errors were reported by the server:

Type: connection

Detail: Fetching Timeout during connect (likely firewall problem)

The operating system my server runs on is CentOS

I can login to a root shell on my machine: I sent “certbot -renew” from my root shell

The version of my client is: certbot 0.29.1

Hi @dlacomba

see your check, ~~one hour old -

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| | -14 | | 10.017 | T |
| Timeout - The operation has timed out | | | | |
| | 200 | | 6.680 | B |
| GZip used - 4816 / 13038 - 63,06 %; Inline-JavaScript (∑/total): 2/6794; Inline-CSS (∑/total): 0/0; Html is minified: 342,92 % | | | | |
| | -14 | | 10.023 | T |
| Timeout - The operation has timed out | | | | |

https answers, http not.

So http validation can’t work. A working port 80 is required.

The “likely firewall problem” is usually correct in this case—port 80 may be “working” on the web server (from Certbot’s point of view, at least) but inbound connections to it are still blocked by a firewall. If there were no firewall, we would expect to see “connection refused” rather than “timeout”.
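The timeout-versus-refused distinction discussed in this thread can be checked with a plain TCP connect to ports 80 and 443. This is an added example, not part of the original posts; the function names and the `example.com` placeholder are assumptions, and it has to be run from a machine outside the server's network, because a connect from the server itself never crosses the firewall.

```python
import errno
import socket
import sys


def classify(exc):
    """Map a TCP connect outcome to 'open', 'refused', 'timeout' or 'error'."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.timeout):
        return "timeout"            # no reply at all within our own deadline
    if isinstance(exc, ConnectionRefusedError):
        return "refused"            # host answered with a reset
    if isinstance(exc, OSError) and exc.errno == errno.ETIMEDOUT:
        return "timeout"            # the kernel gave up before our deadline
    return "error"                  # DNS failure, unreachable network, ...


def probe(host, port, timeout=10.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def diagnose(http, https):
    """Interpret the port 80 result the way the replies in this thread do."""
    if http == "open":
        return "port 80 reachable: http-01 validation can connect"
    if http == "timeout":
        up = " (443 answers, so the host is up)" if https == "open" else ""
        return "port 80 timed out" + up + ": packets dropped, likely a firewall"
    if http == "refused":
        return "port 80 refused: host reachable but nothing accepts on port 80"
    return "port 80 inconclusive: check DNS and routing first"


if __name__ == "__main__":
    # example.com is a placeholder; pass the real domain as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    http, https = probe(host, 80), probe(host, 443)
    print("80/tcp:", http, "| 443/tcp:", https)
    print(diagnose(http, https))
```

A `timeout` on 80 together with `open` on 443 matches the check result quoted in this thread ("https answers, http not").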

