Unable to authenticate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: garpit.truenascore.one

I ran this command:certbot --apache

It produced this output:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: garpit.truenascore.one
Type: connection
Detail: mypublicip: Fetching http://garpit.truenascore.one/.well-known/acme-challenge/D9WpBLxF84x6ir9epCvuPeKfL_s6PphwqeYpjY4no_Q: Error getting validation data

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

(note i already allowed http and https on ufw)

My web server is (include version):Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:Ubuntu 22.04.1 LTS

I can login to a root shell on my machine (yes or no, or I don't know):yess

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 2.4.0

HTTP requests to your domain name are failing from the public internet. Review your comms configs. If at home, check your router and any port forwarding. Make sure the DNS A record has your correct public IP address.

This test site is helpful when setting up new system


Hi @cptnmo109, and welcome to the LE community forum :slight_smile:

It seems there is more to it than that.
Are you able to reach your site from the Internet via HTTP?
I can't:

curl -Ii http://garpit.truenascore.one/.well-known/acme-challenge/D9WpBLxF84x6ir9epCvuPeKfL_s6PphwqeYpjY4no_Q
curl: (56) Recv failure: Connection reset by peer

hi thanks for the reply,
Um yeah i just tested it too, it seems like somehow my ubuntu ignoring all the firewall rules that i set .... I dont know why
i already look at other forum about my problem but i still havent found the answer yet

It only happens on my ubuntu though , ive tested setting up server on windows it work just fine....

1 Like

Try showing:
ufw status verbose


It is allowing connection from anywhere both http and https

Well, obviously something isn't letting that happen.

Is there a NAT device involved?


Yeah it might be because a network conflict between my windows and ubuntu device i might have to reset my configuration

Thanks for the answer btw

1 Like

The more you show = the more we know
The more we know = the sooner we find the problem
The sooner we find the problem = the sooner it will get fixed
The sooner it will get fixed = the sooner we get to celebrate our victory


Nope there is no NAT device

That leaves me with more questions than the answer.
You mention Windows and Ubuntu...
Same server?
Multiple servers?


Different server one run ubuntu and one run windows

Getting closer...

So how are they each reached FROM the Internet?
Multiple Internet IPs?


FYI: "Port Forwarding" is a form of NAT

i.e. If you don't see the public IP when you do "ifconfig", then something is translating that public IP to your internal IP = a.k.a. [some form of] NAT is going on.


Ah i see
So im behind a NAT, and i think my mistake is having 2 machines that runs in the same public ip that have the same port open on each machine..

A single port can only be forwarded to one internal IP.
When multiple internal IPs have to share an external port, some sort of proxy must be used.


Rookie mistakes :sweat_smile:

Thank you for the help


Live and learn [and teach] :slight_smile:

Cheers from the other side of the planet :beers:
-rg305 Miami, FL, USA


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.