Failure to Renew Let's Encrypt Certificate for domain with error: Some challenges have failed

OS type and version Ubuntu Linux 20.04.3
Webmin version 1.984
Virtualmin version 6.17-3

Hi, a newbie here.

My SSL expired for two of my domains, siteinspecta dot com and seocentraltools dot com, because the auto-renewal feature didn’t work, and for the last 24 hours I have been trying to renew the certificates with no luck. I browsed through the forum and nothing so far has helped.

I am using Contabo and I did set up my DNS correctly, even for webmail.domain and admin.domain of the two domains.

I also installed the latest version of certbot and everything, but no luck.

When renewing manually, this is the error I get…

    Processing /etc/letsencrypt/renewal/

    Renewing an existing certificate for siteinspecta dot com and 4 more domains

    Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
    Domain: admin.siteinspecta dot com
    Type: connection
    Detail: Fetching Invalid port in redirect target. Only ports 80 and 443 are supported, not 10000

    Domain: webmail.siteinspecta dot com
    Type: connection
    Detail: Fetching Invalid port in redirect target. Only ports 80 and 443 are supported, not 20000

    Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

    Failed to renew certificate siteinspecta dot com with error: Some challenges have failed.

“Sorry, I had to use dot com in some places because it says new users can only add two links”

Please, I need help. Thanks.

You’ve broken your rewrites somehow.

They should look like this:

    RewriteEngine on
    RewriteCond %{HTTP_HOST}
    RewriteRule ^(?!/.well-known)(.*) [R]
    RewriteCond %{HTTP_HOST}
    RewriteRule ^(?!/.well-known)(.*) [R]

Note the exclusion of .well-known. Without that, Let’s Encrypt is seeing the rewritten URL and trying to validate port 10000 or 20000, which it obviously refuses to do.
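An added illustration of the point above (not part of the original reply, and not Virtualmin's or Certbot's code): it models a redirect rule with and without the `.well-known` exclusion and shows which one sends the HTTP-01 challenge request to a port the CA rejects. The `example.com` hosts, the redirect targets, the exact-match host check, and the use of Python's `re` in place of Apache's PCRE are assumptions.

```python
import re
from urllib.parse import urlsplit

# The only redirect ports the CA accepts, per the error message in this thread.
ALLOWED_PORTS = {80, 443}

# Constructed vhost rules: (host, RewriteRule pattern, redirect target).
# example.com is a placeholder; ports 10000/20000 are the ones in the error output.
BROKEN = [
    ("admin.example.com", r"^(.*)", "https://admin.example.com:10000/"),
    ("webmail.example.com", r"^(.*)", "https://webmail.example.com:20000/"),
]
FIXED = [
    ("admin.example.com", r"^(?!/.well-known)(.*)", "https://admin.example.com:10000/"),
    ("webmail.example.com", r"^(?!/.well-known)(.*)", "https://webmail.example.com:20000/"),
]

def redirect_for(rules, host, path):
    """Return the redirect target of the first rule matching host and path, else None."""
    for rule_host, pattern, target in rules:
        # Host check stands in for the RewriteCond %{HTTP_HOST} line (assumed exact match).
        if rule_host == host and re.search(pattern, path):
            return target
    return None

def challenge_verdict(rules, host, token="constructed-token"):
    """Simulate the CA fetching the HTTP-01 challenge file for host."""
    path = "/.well-known/acme-challenge/" + token
    target = redirect_for(rules, host, path)
    if target is None:
        return "ok: challenge served from webroot"
    parts = urlsplit(target)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return f"fail: Invalid port in redirect target ({port})"
    return f"ok: redirect to port {port} is followed"

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        for host in ("admin.example.com", "webmail.example.com"):
            print(name, host, "->", challenge_verdict(rules, host))
```

With the exclusion in place, ordinary requests such as `/` still redirect to the Webmin or Usermin port; only paths under `/.well-known` fall through to the webroot.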

@Joe Thanks for your help.

I think I have it the same way, as you can see from the image. I have the .well-known in there.

Hmm…I dunno?

You can temporarily get past the issue by just not requesting the cert for those domains (on the Let’s Encrypt page, choose to only request the domains you list and don’t list the problematic ones).

@Joe I did that by requesting for example,, and… Same for the other domain. Still the same result. The certificate won't renew…

How can it be the same result? None of those should have a rewrite rule that applies to them.

@Joe Exactly, none of those has a rewrite rule that applies to them, but somehow, it just won't work.

@Joe It's working now after I did it again for the 3 above, excluding the other two. Thanks for your help.

I just hope I won't run into other issues in the future… Appreciate it.
