Renewing an existing certificate

Hello, I need your help please.

I want to renew my certificate and I got this error

My domain is:

I ran this command: certbot renew --cert-name --nginx

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Renewing an existing certificate for

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Type: connection
Detail: Fetching Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Failed to renew certificate with error: Some challenges have failed.

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.32.2

Also is there a way to reinstall an existing certificate ?



Is it the same problem you had here: Renewing an existing certificate?


Thanks for your reply. I was the one who had this problem, but this time it's not due to a router problem because ports 80 and 443 are open.


@sing0021 are you willing to provide the Domain Name?
Can you try using Let's Debug?
And please use the Staging Environment - Let's Encrypt until you get the issue resolved,
as there are Rate Limits - Let's Encrypt.


That depends...
Reinstall it into what?
If certbot was able to install it before, then, yes, it can be told to do that again.


Not from the perspective of the Let's Encrypt validation server(s). A timeout wouldn't occur if port 80 was open.


Here is an online tool you can use: TCP Port Scanner, Online Port Scan, Port Scanning | IPVoid
It takes an IPv4 or IPv6 address to scan; select Scan all common ports.

But if you would be willing to share your Domain Name, that would be most helpful.

Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.


are you willing to provide the Domain Name?

@Bruce5051, I really don't have the right to provide this unfortunately.

Can you try using Let's Debug ?


ERROR has an A (IPv4) record ( but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.

A timeout was experienced while communicating with Get "": context deadline exceeded

@0ms: Making a request to (using initial IP
@0ms: Dialing
@10000ms: Experienced error: context deadline exceeded



A test authorization for to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued. Fetching Timeout during connect (likely firewall problem)

That depends...
Reinstall it into what?
If certbot was able to install it before, then, yes, it can be told to do that again.

@rg305, I would like to rule out an error in my .pem files

@Osiris and @Bruce5051, I have this output



That is not an HTTPS issue.
HTTP is being blocked at the firewall or by the ISP.
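
The replies above turn on the difference between a connect timeout and other failures on port 80. As an added example (not part of the original thread and not Certbot or Let's Debug code), this script probes every A/AAAA address of a name and separates "open", "refused" and "timeout"; the names `probe`, `check_host` and `MEANING` are made up for illustration, `example.com` is a placeholder, and it is assumed to be run from a machine outside the server's own network.

```python
import errno
import socket
import sys

# Verdict -> what it means for an HTTP-01 validation attempt (added explanation).
MEANING = {
    "open": "TCP handshake completed; a listener is reachable on this port",
    "refused": "host answered with a reset; nothing listening or a firewall rejects",
    "timeout": "no answer at all; packets are dropped by a firewall, router or ISP",
}

def probe(family, sockaddr, timeout):
    """Attempt one TCP connect and classify the outcome."""
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:  # e.g. ENETUNREACH / EHOSTUNREACH
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()

def check_host(host, port=80, timeout=5.0):
    """Probe every A/AAAA address of host; return {ip: verdict}."""
    results = {}
    for family, _, _, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        results[sockaddr[0]] = probe(family, sockaddr, timeout)
    return results

if __name__ == "__main__":
    # Usage: python3 check_port.py example.com   (example.com is a placeholder)
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for ip, verdict in check_host(target).items():
        print(f"{ip}:80 {verdict} - {MEANING.get(verdict, 'see errno')}")
```

A "timeout" verdict from outside corresponds to the "Timeout during connect" reported by the CA, while "refused" points at the web server not listening rather than at dropped traffic.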


If you cannot get Port 80 open to the Internet, could you use the DNS-01 Challenge type for this domain?

