SSL not working possible firewall issue?

My domain is: snarlgaming.com

I ran this command: sudo certbot --apache

It produced this output: IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/snarlgaming.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/snarlgaming.com/privkey.pem
    Your certificate will expire on 2021-10-21. To obtain a new or
    tweaked version of this certificate in the future, simply run
    certbot again with the "certonly" option. To non-interactively
    renew all of your certificates, run "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
    Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu Server 21.04

My hosting provider, if applicable, is: localhost

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No - using SSH

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0

I set up everything correctly and received the congratulations prompt, but for some reason my site won't propagate the HTTPS, so I ran a Let's Debug and received this error:
ERROR
A test authorization for snarlgaming.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
Fetching https://snarlgaming.com/.well-known/acme-challenge/TELHLjMWFy7q1nRdCKEMz5ljAATMBVSW9iGhaeIY1MA: Timeout during connect (likely firewall problem)

I am still pretty new at this, so any help would be amazing! Thank you.

1 Like

For HTTPS port 443 needs to be open. It seems to be closed now. This might be due to a firewall or perhaps a missing or incorrect NAT portmap if you're using a NAT router on your home connection and your site is also served from behind that NAT router.

3 Likes

Ooooo, I don't have port 443 open (I thought I did). I will try that now and let you know the results. I am using a NAT router but I have it set to open, if that matters? Thank you so much for your fast reply. Should I set it to TCP, or open for both TCP and UDP?

2 Likes

I'm not sure what you mean by "set to open". Do you mean your Ubuntu server is set as the "DMZ"?

Just TCP for HTTPS.

1 Like

The NAT type, I have it set to open. I opened port 443/tcp; do I need to restart ufw for the changes? If not, it didn't work. I am not so sure what you mean by the NAT portmap. I'll google it and come back with results. Again, thank you so much! I've been having such a hard time trying to figure this out. I am used to using hosts where installing the SSL is a simple copy and paste lol

1 Like

I don't know, I don't use ufw.

When you said your host was "localhost", I assumed you're hosting the site yourself, right? Not at a hosting provider actually called "Localhost"?

1 Like

Yeah, I am running it from a home server, but my previous sites were all located at actual hosting companies like HostGator, Bluehost, etc. Thanks for the information! I do have the port forwarded to 80. Am I able to make another instance where it forwards to 443? Should it be both, or can there only be one?

1 Like

Both need to be there. You also want to keep HTTP for a) future renewals of your certificate and b) users typing in your website's hostname without using "https://" in front of it.

2 Likes
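An added example (not part of any post in this thread) for checking the two layers discussed above: the host firewall and the path from the internet through the NAT router. It assumes ufw and curl are in use; the function names `ufw_missing_ports` and `explain_curl_exit` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# ufw_missing_ports: reads `ufw status` text on stdin and prints whichever of
# 80 and 443 has no IPv4 "ALLOW ... Anywhere" rule for TCP. No output = OK.
ufw_missing_ports() {
    awk '
        /^Status: inactive/ { off = 1 }      # ufw disabled: it blocks nothing
        /ALLOW( IN)? +Anywhere *$/ {
            to = $1                          # "443", "443/tcp", "80,443/tcp"
            if ($0 ~ /^Apache Full/)        to = "80,443"   # apache2 app profiles
            else if ($0 ~ /^Apache Secure/) to = "443"
            else if ($1 == "Apache")        to = "80"
            if (to ~ /\/udp$/) next          # HTTPS here is TCP only
            sub(/\/tcp$/, "", to)
            n = split(to, p, ",")
            for (i = 1; i <= n; i++) ok[p[i]] = 1
        }
        END {
            if (off) exit
            if (!(80 in ok))  print 80
            if (!(443 in ok)) print 443
        }'
}

# explain_curl_exit: maps the exit status of a probe run from OUTSIDE the LAN,
#   curl -sS -o /dev/null --connect-timeout 10 https://HOST/ ; echo $?
# to the layer most likely at fault.
explain_curl_exit() {
    case "$1" in
        0)     echo "reachable: port is open end to end" ;;
        6)     echo "dns: hostname did not resolve" ;;
        7)     echo "refused: packet arrived, but nothing listens or it was rejected" ;;
        28)    echo "timeout: packets dropped (firewall or missing NAT port forward)" ;;
        35|60) echo "tls: port is open, problem is in the TLS handshake or certificate" ;;
        *)     echo "other: see the curl manual for exit status $1" ;;
    esac
}

# Constructed sample: 443/tcp is allowed for IPv6 only, so IPv4 is still blocked.
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp (v6)               ALLOW       Anywhere (v6)'

printf '%s\n' "$SAMPLE_UFW" | ufw_missing_ports
explain_curl_exit 28
```

On the server itself, feed it live data with `sudo ufw status | ufw_missing_ports`; run the curl probe from a connection outside the home network, since a request from inside the LAN does not exercise the router's port forward.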

I think I figured it out, lmk if I am wrong. I can add a custom service: I set its service name to HTTPS, set the protocol to TCP, the external port range to 443, and then set the IP to my server 192.168.1.14?

2 Likes

That fixed it, the SSL is recognized, but now my site's images aren't loading for some reason, although they work fine with HTTP. I am sure that's for another forum though hahaha!! Best wishes!

2 Likes

That was an easy fix lol, I just had to change the site location in my CMS. FYI if anyone has encountered the same issue.

2 Likes

That's often an issue indeed. We see this happening a lot with WordPress, where the site's URL in the admin needs to be changed from http://... to https://... in two places.

2 Likes