TLS-SNI-01 challenge failed due to not able to listen on port 443


Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output: failed TLS-SNI-01 challenge

My operating system is (include version):Ubuntu 16.04

My web server is (include version):Apache 2.4

My hosting provider, if applicable, is:home server

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no


You haven’t said what command you ran ( so I’ve no idea what client even you are running ).

is your domain accessible on port 443 from the general internet ? (I can’t check, since you didn’t provide a domain name either )


Sorry for the miss…
I’m running a nextcloud server listening on port 8443. I use a dynamic DNS from Since I have DHCP setup, my ISP provider blocks me from using port 80 & 443. I use certbot client.

Thanks again for your support.


Let’s Encrypt requires ports 80/443 for it’s challenge - so you won’t be able to use certbot.

There is another way which allows you do obtain a certificate by adding the token into your DNS records as proof of ownership / control. The Bash and GO alternative clients support this, currently certbot doesn’t though.


Thank you very much for your great support. I appreciate.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.