The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:certbot certonly --standalone --preferred-challenge http -d

It produced this output:
Requesting a certificate for

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):Apache/2.4.54 (Debian)

The operating system my web server runs on is (include version): Debian GNU/Linux 11 (bullseye)

My hosting provider, if applicable, is: Self Hosting

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.30.0

Hello @cwanyuts, welcome to the Let's Encrypt community. :slightly_smiling_face:

You ran

However I can access the web site from Window 10 Firefox 108.0.1 (64-bit);
so I suspect that --standalone is not able to spin up its server since Port 80 is in use.

$ curl -I
HTTP/1.1 404 Not Found
Date: Fri, 23 Dec 2022 21:42:08 GMT
Server: Apache/2.4.54 (Debian)
Content-Type: text/html; charset=iso-8859-1

$ nmap
Starting Nmap 7.80 ( ) at 2022-12-23 21:46 UTC
Nmap scan report for (
Host is up (0.30s latency).
rDNS record for
Not shown: 996 filtered ports
53/tcp  closed domain
80/tcp  open   http
113/tcp closed ident
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 16.98 seconds

$ nslookup

Non-authoritative answer:


Thanks @Bruce5051
Which option should i be using??


The Certbot documentation Welcome to the Certbot documentation! — Certbot 2.1.1 documentation , it the best help I can offer.
Kindly wait for knowledgeable Certbot & Apache community volunteers to assist.


The --apache plug-in will get a cert and update your Apache config to use it. That is, it will setup your HTTPS (port 443) VirtualHost. Something like:

certbot --apache -d

If you want to configure your Apache config manually for HTTPS use the --webroot method. This only gets the cert. Like this:

certbot certonly --webroot -w (path to DocumentRoot) -d

See the certbot docs for details:


Sorry wrong thread.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.