Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
homolog.sigec.crea-pi.org.br
I ran this command:
certbot certonly -d homolog.sigec.crea-pi.org.br --webroot -w /opt/glassfish4/glassfish/domains/domain1/docroot/
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for homolog.sigec.crea-pi.org.br
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
My web server is (include version):
Glassfish 4
The operating system my web server runs on is (include version):
Debian 12
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
2.1.0
I see this using curl from the Portland, Oregon, USA metro area
$ nmap -Pn -p80,443 homolog.sigec.crea-pi.org.br
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-05-19 18:04 UTC
Nmap scan report for homolog.sigec.crea-pi.org.br (186.250.116.234)
Host is up.
rDNS record for 186.250.116.234: 234.116.250.186.itt.net.br
PORT STATE SERVICE
80/tcp filtered http
443/tcp filtered https
Nmap done: 1 IP address (1 host up) scanned in 4.58 seconds
Well, on that same server we have another IP which is where users connect to the internet and on it the 2 ports are open, I don't know why they are filtered on the secondary IP, in the firewall ports 80 and 443 are released.
I don't know why anyone would have flagged your post that had the above quote.
But, from the public internet that IP cannot be reached. Bruce showed a link to a site that tests from many locations around the world. None of them worked. Neither from his own test server (and I can't connect from my own test server)
Try using a mobile phone with wifi disabled so use your carrier's public network. Or, try a device outside of your own network.
Something is preventing requests from the public internet reaching you.
Have you checked all your local network routing? Are you sure requests coming to the .234 IP actually reach your server? A firewall is the most common but isn't the only problem that can prevent connection. Check each piece of equipment from your public internet connection to your server and make sure each one allows this.
$ nmap -Pn -p80,443 homolog.sigec.crea-pi.org.br
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-05-20 22:39 UTC
Nmap scan report for homolog.sigec.crea-pi.org.br (186.250.116.234)
Host is up (0.17s latency).
rDNS record for 186.250.116.234: 234.116.250.186.itt.net.br
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds
Using curl and checking the .well-known/acme-challenge/ shows:
$ curl -Ii http://homolog.sigec.crea-pi.org.br/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Server: GlassFish Server Open Source Edition 4.1.2
X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition 4.1.2 Java/Amazon.com Inc./1.8)
Content-Length: 1086
Content-Language:
Content-Type: text/html
Date: Tue, 20 May 2025 22:39:20 GMT
Problem solved, as the server has 2 cards for the internet, the main one was the default route, whenever it asked to generate the certificate, the exit route was the main one and returned via the secondary one, I included a default route whenever the secondary one was used and it worked. I thank everyone for their help.
