The server could not connect to the client to verify the domain ERROR

Hi folks,

I know there are some topics like mine in the forum but they doesn’t help me yet.

We have a nginx reverse proxy on a CentOS-System. Months before I got my Letsencrypt certificate with these command:

./letsencrypt-auto certonly --standalone -d

…everything works fine.

No I want to create a new certificate for and it doesn’t work.

My nginx configuration for this domain:

server {
  listen      80;
  return 301 https://$server_name$request_uri;

server {
   listen ssl;
    ssl_certificate      /etc/letsencrypt/live/random/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/random/privkey.pem;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_prefer_server_ciphers  on;
    location / {
        proxy_pass https://localhost:5443/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;

The certbot got an update and I tryed the command:

./letsencrypt-auto certonly --standalone -d

I just get the following error:

Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching Timeout

 - The following errors were reported by the server:

   Type:   connection
   Detail: Fetching

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

For the command, Ive shutdown the firewall and checked the hostname…everything is fine.

Has anybody an idea?

You’re using the http-01 verification method, so LetsEncrypt is trying to contact your server ( on port 80, which is timing-out. I’m trying it myself from my VPS and I see the same:

telnet: connect to address Operation timed out

Hi mproto,

which method should I use for https?! How does the command looks like?!

Thx for your assistance!

As far as I know there is no method to try HTTPS directly, though your nginx configuration does indicate it should redirect all HTTP traffic to HTTPS, which should work (I renew my certs this very same way).

The fact that HTTP isn’t reachable on your IP to perform the redirection seems to be the problem. Do you have a firewall or other network device that is blocking port 80 traffic?

Here’s what I’m doing when I try to test it myself, from my VPS:

$ telnet 80
telnet: connect to address Connection timed out


OMG, now it works. Our firewall has redirected the port 80 to 443, then I used this command on the nginx:

./certbot --authenticator standalone --installer nginx -d --pre-hook “service nginx stop” --post-hook “service nginx start”

Thx for your help!!!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.