Renewing an Existing Certificate authority failed to verify

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot --apache -d -d

It produced this output: Timeout during connect (Likely firewall)
Hint: The Certificate authority failed to verify the temporary apache configuration changes made by cerbot. ensure that the listing domains point to this apache server and that is accessible from the internet.

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu 18.04 lts

My hosting provider, if applicable, is:
This text will be hidden
I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
snap 2.51.1
snapd 2.51.1
series 16
ubuntu 18.04
kernel 4.15.0-147-generic

1 Like

It's hard to say without knowing your real domain, but this basically means that the Certificate Authority couldn't connect to your server on port 80, which it needs to be able to do.

Make sure any relevant firewalls allow traffic on this port and that you have done any port forwarding as needed.

You can confirm whether your server is accessible on port 80 with a tool like


Thanks for the prompt reply, you were right I got error message: but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.

But the port 80 is enabled in the hosting server and on physical firewall. Where else do I have to look for?

Thanks in advance!

1 Like

If everything looks right on your end:

  • Port 80 is enabled on the server
  • Port 80 is open on all firewalls
  • Port 80 forwarded on any modem/routers

then you might want to start investigating whether your ISP is blocking port 80 traffic. Unfortunately, many do, but they will tell you if you ask them.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.