Ssl for duckdns (server on pi)

My domain is:

I ran this command:sudo certbot --apache -d

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching Error getting validation data

 - The following errors were reported by the server:

   Type:   connection
   Detail: Fetching
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

My web server is (include version): apache 2

The operating system my web server runs on is (include version): NextCloudPi_RPi_12-20-19
My hosting provider, if applicable, is: ?

I can login to a root shell on my machine (yes or no, or I don’t know): I can ssh it locally

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hey there! First time here, sorry if I got something wrong. So, I have a nextcloudpi on raspberry pi to test out nextcloud. I can connect to pi via ssh locally.
After installing nextcloudpi forwarded 4443 port to 4443, so I can access to it from outside, then went to duckdns and got a domane. I can not connect to server yet because of ssl issue, google chrome does not want to let me do that.
Now I would like to get LE ssl, so I tried to use manuals. Earlier I wrote which command I tried and got stuck.
I found here close thread and solution was to check 80 and 443 ports. So I redirected 80 port to 4443 (server) and 443 to 4443. Then I got same issue. Can I get some help on that here?

1 Like

This is the wrong answer. Port 80 is HTTP; port 443 is HTTPS, so they shouldn't both be sent to the same port on your Pi. In order for Let's Encrypt to validate your domain using this method, it needs to connect via HTTP on port 80, but it wasn't able to make any kind of connection. This suggests a firewall problem, and port 80 is often blocked for residential internet (at least in .us). Can you confirm that port 80 is open?

1 Like

I have no ports open. But as I know - I will open it if i redirect 80 to 80
I did that with my smart home server (home assistant)

Upd. I redirected 80 to 80 and run that line again. Got the same issue, unfortunately

Hi @Argo

you have to change that if you want to use --apache.

Please read some basics:


Checking your domain http doesn't work -

So you can't create a certificate via --apache


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.