The server could not connect to the client to verify the domain: Timeout

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo certbot --nginx -d -d

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for
tls-sni-01 challenge for
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout, (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout


  • The following errors were reported by the server:

    Type: connection
    Detail: Timeout

    Type: connection
    Detail: Timeout

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 16.04.3 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

So, I’m also not able to access that over port 443. Are you sure you have firewalls/port forwarding configured to allow the public internet to access that server on port 443? This is needed for the nginx plugin, as it uses the tls-sni-01 authentication method.

# openssl s_client -connect
socket: Connection timed out

Thanks! The guide I was following somehow left out port 443. Working great now.

You’re very welcome! That guide may have been written back before nginx was as well-supported in Certbot as it is now - it used to use the http-01 challenge type instead, which works over port 80. Would you mind linking the guide you used here so we could attempt to contact the author to update it? There’s been an ongoing effort to get as many old tutorials cleaned up as we can. :slightly_smiling_face:

1 Like


Here’s the link to the guide:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.