Standalone Timeout, Ports Open

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo certbot certonly --standalone --key-type rsa -d -d

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for and
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Waiting for verification...
Challenge failed for domain
Challenge failed for domain
http-01 challenge for
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


My web server is (include version): None

The operating system my web server runs on is (include version):
Raspberry Pi OS Lite "Debian GNU/Linux 11 (bullseye)"

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0

So, duckdns properly resolves my ipv4 and ipv6.
I have disabled my ufw firewall (and rebooted my pi), just to make sure.
Made sure iptables isn't causing me trouble (it isn't; all connections are allowed).
I have port forwarded ports 80 and 443 from my router to my Raspberry Pi.
I even set up a simple Python server listening on ports 80 and 443, and
used telnet to test whether I can connect to the server from a remote machine (I can).

I still keep getting the above error.
What could I be doing wrong?
Thank you in advance.

Some possible reasons:

  1. ISP blocks port 80 - nothing you can possibly do to fix it; you will need to use the DNS-01 challenge
  2. router's admin page sits on port 80/443, and it won't forward that port until you move the admin page off that port

Yes, thank you. It's likely your 1st proposal.
I have confirmed my telnet client on port 80 only works in my internal network.

But another port, say 52000, works fine from any external network as well.


NEVERMIND. We cross-posted.

Was your "remote machine" on the public internet or just your private one?

Because I can't see anything on port 80. Can you start your test python server so we check? Or, use a cell phone with wifi off to use your provider's public internet to test access.


I have done exactly what you propose. Only my private network has proper access to port 80.

Yeah, sorry, cross-posted.

I can see your python server on 52000 using IPv4 but not IPv6 (below). For what that's worth.

This won't help with getting a Let's Encrypt cert using the HTTP challenge because only ports 80 and 443 are allowed. The DNS Challenge is possible as long as you are happy connecting to a non-standard port and configuring your server manually for HTTPS.

curl -i6 -m10
curl: (28) Failed to connect to port 52000 after 5009 ms: Connection timed out

curl -i4 -m10
HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/3.9.2
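
The per-family reachability test from the curl runs above, as an added example that is not part of the original thread: it resolves a name's A and AAAA records and attempts a TCP connect to each address, separating a silent timeout from a refusal. The hostname `example.invalid` is a placeholder, and the script has to run from a host outside the LAN (for example over a phone's mobile data), since a probe from inside the private network passes even when port 80 is blocked upstream.

```python
import socket
import sys

def probe(host, port, timeout=5.0):
    """TCP-connect to every IPv4/IPv6 address of host; return (family, addr, status) tuples."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("dns", host, f"resolution failed: {exc}")]
    results, seen = [], set()
    for family, socktype, proto, _canon, sockaddr in infos:
        if family not in (socket.AF_INET, socket.AF_INET6) or sockaddr[0] in seen:
            continue
        seen.add(sockaddr[0])
        label = "IPv4" if family == socket.AF_INET else "IPv6"
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            status = "open"
        except socket.timeout:
            # No answer at all: packets dropped somewhere on the path
            # (ISP filter, router not forwarding, host firewall DROP rule).
            status = "timeout"
        except ConnectionRefusedError:
            # The host answered with a reset: reachable, but nothing is listening.
            status = "refused"
        except OSError as exc:
            status = f"error: {exc.strerror or exc}"
        results.append((label, sockaddr[0], status))
    return results

def summarize(results):
    """Map each family label to True if any address of that family accepted the connection."""
    summary = {}
    for label, _addr, status in results:
        summary[label] = summary.get(label, False) or status == "open"
    return summary

if __name__ == "__main__":
    # Placeholder hostname; pass the real one as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.invalid"
    for port in (80, 443):
        for label, addr, status in probe(host, port):
            print(f"{port:>5} {label} {addr}: {status}")
```

A family that resolves but reports `timeout` on port 80 while a high port such as 52000 reports `open` matches the pattern seen in this thread.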


