Can not register a domain from the same server via nginx proxy

Please help, I run a proxy server to pass request to internal servers. Letsencypt renew worked with most domain/ sub domains but not with this domain (
My domain is:

I ran this command:
sudo certbot certonly -d --debug-challenges --dry-run
It produced this output:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Type: unauthorized
Detail: 2001:ee0:305:a::301: Invalid response from 404
My web server is (include version): nginx/1.14.1
The operating system my web server runs on is (include version): CentOs 8
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.31.0
The above command work successfully with and
Please help!

Your A record and your AAAA record are pointing to different machines. Point them both to the same one. :wink:


The proxy server machine has address of and on the internal DNS server I have all the domains ( and, pointed at this address. (
I don't really understand the issue!

Do you see this difference?

# curl -4 -IL
HTTP/1.1 404 Not Found
Server: nginx/1.14.1
Date: Fri, 14 Oct 2022 09:42:47 GMT
Connection: keep-alive

# curl -6 -IL
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Content-Length: 246

So it means that I have to modify/remove the IPV6 DNS record of the This is so strange because last year (<90 days) ago, the auto renewing of worked. I did not touch this letsencrypt SSL since 2 years ago then!

Somebody probably messed up with DHCP or SLAAC.

Find out your new IPv6 and update the record.


Thanks 9peppe for your suports! it might be the upgrade of the dns service provider!
Anything I can do from proxy server (i.e Mapping on the firewall?)

I don't know enough about your system to tell.

It should just work once you correct the records.


My system is below:
Proxy server handles all request to different internal servers using 1 single public ip address!
I am not very knowledgeable at nginx configuration.
So far, please share a bit more with me on where possible I can do to avoid asking the DNS provider to remove AAAA record!

You should find out the proxy server's IP addresses and put those in your A and AAAA records.

From the proxy server shell:

curl -4


curl -6

NB, IPv6 could just go around your proxy server, and make the internal server answer directly. You should also check that.


Finally, I told the DNS guy to delete the IPV6 address
Great thank 9peppe!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.