Certbot failed with error code (1)

Hello again!

I’ve decided I’d probably like to access Nextcloud outside of my home so decided to setup SSL following Joulinar’s very helpful guidelines on another post!

I’ve set up a domain via no-ip, installed this onto the Pi and checked the IP updates successfuly.
I’ve then logged into my router (ZTE) and configured port forwarding for 80 and 443 with my LAN IP.

When I run dietpi-letsencrypt and initiate I get ‘Certbot failed with error code (1)’

Domain: XXXXXXXX.hopto.org
   Type:   connection
   Detail: Fetching
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
[FAILED] Certbot failed with error code (1), please check its terminal output. Aborting...

As far as I’m aware I’ve set it up as instructed, I’ve also set firewall settings to ‘Low’ as opposed to the previous ‘High’ thinking this could help based on the above.

Thanks in advance!


  1. Can you check if your system is reachable via DDNS on port 80/http from internet? This is something that would need to work to get a certificate created.
  2. As well you can check on NoIP website if your IP address was correctly registered.
  3. To double check, you have forwarded port 80/443 TCP (not UDP) on your router?
  4. Do you have a VPN client running on your DietPi device?

Hi Joulinar!

I’ve had a little play and can only access the NOIP Link when the IP it points to is the local ip of the Pi (ie – once it updates to the dynamic IP it doesn’t work anymore.

No VPN is running on the device :slight_smile:


Do you have forwarded port 80/443 TCP (not UDP) on your router to DietPi device?

I believe so. I’'ve forwarded port 80 and 443 to the Pi’s LAN IP.
I’m on 64bit - could this have anything to do with the error?

this should not matter. do you have any firewall or additional security software installed?

Pls can you double check port forwarding on your router

No additional security installed and I’ve set firewall settings to Low on my Router / Macbook.
Port forwarding is set up – my ISP said I need a static IP for this to work but I presume NO IP solves this problem?


Can you check if external IP on your internet router is same as the one registered at NoIP? Can you check if you are able to access your system using the external IP directly?

All resolved – Turns out my ISP was using CG-NAT so I had to purchase a static IP.
All working now! :slight_smile:
Thanks again for the help

ah ok, good that you found it. To bad that you need to purchase something in addition.

I hope I may join you here

I have the same problem. I do not have a no-ip account but “dyn6.com”. With my registered ip at dyn6.com i can’t reach my system. In my router is another ip. it is a PPPoE account. With this IP I can reach my router.
I can not replace this IP in the account of dyn6.com. No idea why not?
The error message for letsencrypt is
[FAILURE] Certbot failed with error code (1), please check its terminal output. Aborting…


you need to ensure the IP resisted at dyn6.com is the same as the WAN IP on your router.

I have changed the Wan IP under dyn6
With this ip i can access my security gateway/router.
The port release refers to the Wan ip with 80 and 443 TCP.
The dyndns is set up on the router with the access data from dynv6.com.
But i still get the same error message when setting up letsencrypt.
I have installed the Baikal Webdav. It runs and synchronizes perfectly. But without tls encryption it makes no sense.

you need to ensure you are able to reach your system on http://<your_domain.dynv6.com>
That’s key. As soon as this is working you could try to configure HTTPS/SSL

I do not know what else I can do? With my dynv6 address I get to my router login.
By reach system, you mean the rooter, right?
Or my dietpi?

if you enter your dynv6 address you get the router login page? Then something is not correctly configured on your router. Usually you should be forward to your DietPi system

yes then i get access to the router. I am going crazy
again from the beginning:
at dynv6 i enter my wan ip. e.g.
in the router i make a port forwarding of my static ip from
dietpi e.g.
in the rooter i create the dyndns of my hostname: user, password, server etc.
At dietpi I do not have to configure anything, except letsencrypt the entry of my hostname?
Now when I enter my dynv6 host in the browser I get the following page. See picture

looks like we are one step further. Using your DDNS you are able to reach your DietPi system from internet. You should be good to go with creating your certificates on DietPi system using dietpi-letsencrypt

same error message.
I do not need to change anything in the letsencryp setting? I have a picture of this
in the certbot view in the topic the options of letsencrypt look different for me there is missing according to the picture
the option "autorenew

the picture is not up to date. Autorenew is done automatically. Nothing that needs to be set. The only thing I would recommend is to set redirect from HTTP to HTTPS. But all these settings have no influence in creating the certificate. Usually there is a log file created. If you are connected via SSH, you can scroll up once the blue screen is back. Ther you have some more information on the error.