Add domain to existing cert failing


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: /opt/letsencrypt/certbot-auto certonly --manual --debug-challenges -d,,,,,,,

It produced this output:
Cleaning up challenges

Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from “<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p”


  • The following errors were reported by the server:

Type: unauthorized
Detail: Invalid response from
2.0//EN">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2018-04-18T14:53:04

The operating system my web server runs on is (include version):
Ubuntu 16.04.3 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0


Hi @lkulberda

I didn’t check the other domains. But this domain has IPv4 and IPv6 addresses:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
A yes 1 0
AAAA 2600:3c03::f03c:91ff:fedb:4999 yes
A yes 1 0
AAAA yes

And there are different answers and servers:

Domainname Http-Status redirect Sec. G
200 0.220 H
2600:3c03::f03c:91ff:fedb:4999 403 0.216 M
Forbidden
200 0.220 H
400 2.437 N
Bad Request
Certificate error: RemoteCertificateNameMismatch
2600:3c03::f03c:91ff:fedb:4999 200 2.954 N
Certificate error: RemoteCertificateNameMismatch
400 2.157 N
Bad Request
Certificate error: RemoteCertificateNameMismatch
404 0.220 A
Not Found
2600:3c03::f03c:91ff:fedb:4999 404 0.203 A
Not Found
404 0.217 A
Not Found

Such different answers are not good.

K, Status 200 2600:3c03::f03c:91ff:fedb:4999, Status 403
configuration problem - different ip addresses with different status
K, Status 400 2600:3c03::f03c:91ff:fedb:4999, Status 200
configuration problem - different ip addresses with different status

Your ipv4 has a

Server: Apache/2.4.18 (Ubuntu)

your ipv6 a

Server: Apache/2.2.15 (CentOS)

So perhaps this is a server of your hosting or something else.

Perhaps remove the ipv6 address.
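
The comparison made in the reply above, as an added example that is not part of the original thread: it resolves every A and AAAA record of a name, requests the same path from each address with the real Host header, and reports addresses that answer with a different status or Server header. The file name under the challenge directory and the placeholder IPv4 address in the sample are assumptions.

```python
import http.client
import socket
import sys

PATH = "/.well-known/acme-challenge/probe"  # hypothetical file name; any path shows a mismatch
# Constructed sample shaped like the thread's result; 203.0.113.10 is a placeholder IPv4 address.
SAMPLE = {("A", "203.0.113.10"): (200, "Apache/2.4.18 (Ubuntu)"),
          ("AAAA", "2600:3c03::f03c:91ff:fedb:4999"): (403, "Apache/2.2.15 (CentOS)")}

def resolve(host):
    """Return [(record_type, ip)] for every A and AAAA record of host."""
    found = set()
    for family, rtype in ((socket.AF_INET, "A"), (socket.AF_INET6, "AAAA")):
        try:
            for info in socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM):
                found.add((rtype, info[4][0]))
        except socket.gaierror:
            pass  # the name has no record of this type
    return sorted(found)

def probe(host, ip, path=PATH):
    """GET path from one specific address on port 80, keeping the real Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=10)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Server", "")
    except (OSError, http.client.HTTPException) as exc:
        return None, "request failed: %s" % exc
    finally:
        conn.close()

def compare(results):
    """results maps (record_type, ip) to (status, server); list what the addresses disagree on."""
    findings = []
    if len({status for status, _ in results.values()}) > 1:
        findings.append("different HTTP status per address")
    if len({server for _, server in results.values()}) > 1:
        findings.append("different Server header per address")
    return findings

if __name__ == "__main__":
    # With no arguments, fall back to the constructed sample so the script runs offline.
    runs = {n: {k: probe(n, k[1]) for k in resolve(n)} for n in sys.argv[1:]}
    for name, results in (runs or {"sample (constructed)": SAMPLE}).items():
        for (rtype, ip), (status, server) in sorted(results.items()):
            print(name, rtype, ip, status, server)
        for finding in compare(results):
            print(name, "WARNING:", finding)
```

Pass every name from the `-d` list as an argument; a name that has only an A record yields a single row and no warning.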



D’oh! Stupid copy/paste error that I’ve been staring at for hours. Thanks so much for the quick response and resolution!



Not all names return IPv6 addresses.
Some only have IPv4.
[if that helps any]
