When you try to enable SSL for your newly deployed app with the dokku letsencrypt:enable <app-name> command, you might get the following error:
=====> Enabling letsencrypt for <app-name>
-----> Enabling ACME proxy for <app-name>...
-----> Getting letsencrypt certificate for <app-name> via HTTP-01
- Domain '<example.com>'
2026/05/16 10:04:30 [INFO] [<example.com>] acme: Obtaining bundled SAN certificate
2026/05/16 10:04:31 [INFO] [<example.com>] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/<auth-id>/<auth-token>
2026/05/16 10:04:31 [INFO] [<example.com>] acme: Could not find solver for: tls-alpn-01
2026/05/16 10:04:31 [INFO] [<example.com>] acme: use http-01 solver
2026/05/16 10:04:31 [INFO] [<example.com>] acme: Trying to solve HTTP-01
2026/05/16 10:04:36 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/<auth-id>/<auth-token>
2026/05/16 10:04:36 Could not obtain certificates:
error: one or more domains had a problem:
[<example.com>] invalid authorization: acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: <ipv6-address>: Invalid response from http://<example.com>/.well-known/acme-challenge/<challenge-token>: 404
-----> Certificate retrieval failed!
-----> Disabling ACME proxy for <app-name>...
! Failed to setup letsencrypt
! Check log output for further information on failure

This usually means Let’s Encrypt can reach your domain over HTTP, but the request is not being routed correctly to Dokku’s ACME challenge response.
One likely issue is that your application is not reachable on port 80. The following command fixes that:
dokku ports:set <app-name> http:80:<container-port>

This maps incoming HTTP traffic on the server’s port 80 to the app’s container port, allowing Dokku to serve the HTTP-01 challenge correctly.
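
To triage this failure from the log itself, the following added example (not part of the original post or of Dokku) pulls the failing domain, the HTTP status and the address family the CA validated over out of the "invalid authorization" line. The function name triage_acme_log and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the failure line from `dokku letsencrypt:enable` output.
# triage_acme_log (hypothetical name) reads the log on stdin and prints, per
# failed domain:  <domain> status=<code> family=<ipv4|ipv6> hint=<text>

triage_acme_log() {
  # Extract domain, validating address, challenge URL and HTTP status from the
  # "invalid authorization" line; all other log lines are ignored.
  sed -nE 's#^[[:space:]]*\[([^]]+)\] invalid authorization: .* :: ([0-9a-fA-F:.]+): Invalid response from (https?://[^ ]+): ([0-9]{3}).*$#\1 \2 \3 \4#p' |
  while read -r domain addr url status; do
    # The address is the one the CA connected to. A ':' means IPv6, so the
    # domain's AAAA record (not only the A record) must point at the Dokku host.
    case "$addr" in
      *:*) family=ipv6 ;;
      *)   family=ipv4 ;;
    esac
    case "$status" in
      404) hint="challenge path not served: check the http:80 port mapping" ;;
      *)   hint="unexpected status: inspect what answers $url" ;;
    esac
    printf '%s status=%s family=%s hint=%s\n' "$domain" "$status" "$family" "$hint"
  done
}

# Constructed sample log: example.com, a documentation IPv6 address and a
# made-up challenge token stand in for the placeholders in the output above.
SAMPLE_LOG='2026/05/16 10:04:31 [INFO] [example.com] acme: Trying to solve HTTP-01
2026/05/16 10:04:36 Could not obtain certificates:
error: one or more domains had a problem:
[example.com] invalid authorization: acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 2001:db8::1: Invalid response from http://example.com/.well-known/acme-challenge/CONSTRUCTED-TOKEN: 404'

printf '%s\n' "$SAMPLE_LOG" | triage_acme_log
```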