SSL/TLS renewal failure with Let's Encrypt

I am having the following issue during the certificate renewal process. Has anyone experienced something similar?

www.grupomaxifarma.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:connection, error detail: 189.112.136.193: Fetching http://www.grupomaxifarma.com/.well-known/acme-challenge/gvv2OsGFV7IrAtonUMjv-szoRJY5qDZ1aIbiioXtiGI: Error getting validation data

Hello @rodrigoemeira, welcome to the Let's Encrypt community. :slightly_smiling_face:

More details would really be helpful, that is
And to assist with debugging, a great place to start is Let's Debug.

I am guessing a firewall is filtering Port 80.

$ nmap -Pn -p80,443 www.grupomaxifarma.com
Starting Nmap 7.80 ( https://nmap.org ) at 2024-06-12 19:17 UTC
Nmap scan report for www.grupomaxifarma.com (189.112.136.193)
Host is up (0.20s latency).
rDNS record for 189.112.136.193: mail.distribuidoramaxifarma.com.br

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp open     https

Nmap done: 1 IP address (1 host up) scanned in 3.59 seconds

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

Edit:
Best Practice - Keep Port 80 Open

And Let's Debug is getting the same basic results.
https://letsdebug.net/www.grupomaxifarma.com/2025376

ANotWorking
ERROR
www.grupomaxifarma.com has an A (IPv4) record (189.112.136.193) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://www.grupomaxifarma.com/.well-known/acme-challenge/letsdebug-test": dial tcp 189.112.136.193:80: connect: no route to host

Trace:
@0ms: Making a request to http://www.grupomaxifarma.com/.well-known/acme-challenge/letsdebug-test (using initial IP 189.112.136.193)
@0ms: Dialing 189.112.136.193
@3487ms: Experienced error: dial tcp 189.112.136.193:80: connect: no route to host

IssueFromLetsEncrypt
ERROR
A test authorization for www.grupomaxifarma.com to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
189.112.136.193: Fetching http://www.grupomaxifarma.com/.well-known/acme-challenge/OfdanbMeqTS7y_wekpJ0GuDyABWDrAIsPh20kVTh05c: Error getting validation data
5 Likes

Yes, many people :slight_smile:

Answers to the questions on the form you should have been shown would have been helpful.

But, the problem is your domain cannot be reached from the public internet. This is required to get a cert using the HTTP Challenge.

Often this is because the IP in the DNS is no longer correct. Or, a home router or similar equipment has been changed and is not yet configured properly.

In your case I am guessing it is related to routing of port 80 in your router or networking config.

You could try a mobile phone with wifi disabled to test from your carrier's public network. Or, use the Let's Debug test site to test any changes you make.

4 Likes
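
The reachability check described in the reply above, as an added example that is not part of the original thread: it classifies ports 80 and 443 in the same terms as the nmap and Let's Debug output and turns the pair into a diagnosis for a failing HTTP-01 challenge. The function names and the diagnosis wording are this example's own assumptions.

```python
import errno
import socket
import sys


def classify_port(host, port, timeout=5.0):
    """Return 'open', 'closed', 'filtered', 'unreachable' or 'dns_error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # TCP handshake completed
    except socket.gaierror:
        return "dns_error"           # name did not resolve at all
    except ConnectionRefusedError:
        return "closed"              # RST: host reachable, nothing listening
    except socket.timeout:
        return "filtered"            # SYN silently dropped (firewall DROP rule)
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"     # ICMP unreachable ("no route to host")
        raise


def diagnose_http01(states):
    """Map {80: state, 443: state} to a likely cause of an HTTP-01 failure."""
    s80, s443 = states[80], states[443]
    if s80 == "dns_error":
        return "name does not resolve: check the DNS A/AAAA records"
    if s80 == "open":
        return ("port 80 reachable: check that the web server or webroot "
                "serves /.well-known/acme-challenge/")
    if s443 == "open":
        # The case in this thread: host is up on 443, only port 80 is blocked.
        return ("host is up but port 80 is %s: check firewall or "
                "port-forward rules for port 80" % s80)
    return "neither port reachable: check the DNS A record and upstream routing"


def preflight(host, timeout=5.0):
    """Probe ports 80 and 443 on host and return (states, diagnosis)."""
    states = {p: classify_port(host, p, timeout) for p in (80, 443)}
    return states, diagnose_http01(states)


if __name__ == "__main__":
    # Usage: python preflight.py your.domain.example
    print(preflight(sys.argv[1]))
```

Run it from a network outside your own, as the reply suggests, because a probe from inside the LAN can succeed while the public path to port 80 is still blocked.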

Thank you, it worked. That was the issue. Port 80 on my Sophos firewall was conflicting with some rules for some reason.

4 Likes

You are very welcome, @rodrigoemeira!
Have a pleasant day. :slightly_smiling_face:

3 Likes
