SSL certificate request fail

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot --apache -d

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Type: connection
Detail: Fetching Error getting validation data

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Hello @bozhich, welcome to the Let's Encrypt community. :slightly_smiling_face:

Using this online tool Let's Debug gives results here showing that Port 80 is not open.

You are using the HTTP-01 Challenge Type which requires Port 80.
Best Practice - Keep Port 80 Open


I believe this is an issue:

And some supplemental information:

$ curl -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Dec 2022 20:15:41 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1

e6430-i5$ nmap
Starting Nmap 7.91 ( ) at 2022-12-28 12:15 PST
Nmap scan report for (
Host is up (0.19s latency).
rDNS record for
Not shown: 998 filtered ports
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 15.72 seconds

1 Like

Hello @Bruce5051,

I'm pretty sure that port 80 is opened but I allowed it again, anyway.

Still having the same issue...

1 Like

Yes it is; but the redirect from to I believe the problems

  1. You are going to an IPv4 address with the redirect not a Domain Name
  2. You are missing a / here :8080.well-known before the .well-known

Yes, it redirects to an IP address. Firstly, it was the public IP address that leads to the domain name and i was accessing the cloud with But that wouldn't work for the certificate that's why i tried the redirection thing. Now i made the changes back with the public IP. Waiting for the changes to apply and will write here.

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher. Rate Limits are per week (rolling).

1 Like

I see improvement from my location

$ curl -I
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 20:54:43 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
1 Like

Using this online tool I gave as the input and check HTTP
here is the Permanent link to this check report
and from around the world there is Connection timed out.

But I can connect

$ curl -I
HTTP/1.1 200 OK
Date: Wed, 28 Dec 2022 21:08:03 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
1 Like

Still problem. I can connect as well...

Yet I cannot connect from Windows Chrome or Firefox. :frowning:

Kindly wait for more knowledgeable Let's Encrypt community volunteers to assist.

1 Like

Can you try with I'm connecting with no problems...

LE will NOT authentication over port 8080.
So, it matters not if that works.


Yes with Windows Chrome and Firefox.

$ curl -I
HTTP/1.1 302 Found
Date: Wed, 28 Dec 2022 21:17:49 GMT
Server: Apache/2.4.52 (Ubuntu)
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Set-Cookie: ocj5rgb579n7=meev5lthgpo85dp3mnl8tq9uuo; path=/; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=MfHWC93IHZUqTu1xPs0WT15Raa2BlnnyBgIW8KYPXAaKjrMLU3dHgImmhdKmpLggjsD1GHZpLbzNWCrSP%2FH%2FzTsColXL1bxbbS7lbtX5P8SwPU%2FaXJKA%2FGEwsRxjF50k; path=/; HttpOnly; SameSite=Lax
Set-Cookie: ocj5rgb579n7=tuvu3id5ptfiuu9uvt3e344iff; path=/; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-THYrNEU0azR6UCthNTAva2ZZQW1pYWFjRmZvaEJGajZlWU94bG43QXVuYz06WDhxTFZLWkx0SmZMdGhxaU1QZ1M2dTNYWjhOVFJqU3VRTkQwN3hIMmtTOD0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: nc_sameSiteCookielax=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Content-Type: text/html; charset=UTF-8

1 Like

Which port should i use?

Best Practice - Keep Port 80 Open


Port 80 is the only option for HTTP-01 challenge:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.