Two domains, but only one will certificate with certbot

My domain is:

I ran this command: sudo certbot --apache

It produced this output:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: During secondary validation: Fetching Connection refused


My web server is (include version): Apache 2.4.38 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 19.04

My hosting provider, if applicable, is: Contabo

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is certbot 0.31.0


I have two domains running on this server. runs fine and has a certbot certificate created and running nicely. But will not play ball.

Please help, I have no hair left to pull out!



Welcome to the Let's Encrypt Community, Bill :slightly_smiling_face:

Sorry you're having such trouble. I've been taking a look into things.

The first thing I noticed was that is not included in the certificate it is serving, which will result in browsers refusing the certificate, but won't prevent certbot from acquiring a certificate for


Hi @zeltus

if you have that error, then the main Letsencrypt server can check your domain.

But secondary servers are blocked.

Looks like you have a regional firewall or something else, that blocks (sample: Some ip addresses).

Find and remove that.


And, for no obvious reason, it is now working.... :slight_smile:

No idea why, but hey, so long as it works, I'm happy. Well, that's not quite true, I'd like to know what is going on, I am fairly web literate but certificates are a new thing to me, me being old-school an' all.

Thanks for looking into this guys, much appreciated.


Thanks reporting back - :+1:

Sometimes, these secondary checks are too slow, so there are timeouts. May be

Service status: Planned Maintenance

produces that sometimes.

Or you have used the wrong time, never start such jobs 00:00, 01:00 or 01:15 etc. Always add a random value.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.