Hi @jerdna,
Take a look to this announcement https://community.letsencrypt.org/t/preferring-ipv6-for-challenge-validation-of-dual-homed-hosts/347741
As a resume, your domain has 2 ips, one for ipv4 and one for ipv6. You are answering on ipv4 address but not on ipv6 address. In this situation Let's Encrypt should fallback to ipv4.
$ curl -I4kL si.cx
HTTP/1.1 200 OK
Date: Thu, 25 May 2017 15:28:23 GMT
Server: Apache/2.2.16 (Debian) DAV/2 mod_ssl/2.2.16 OpenSSL/0.9.8o mod_fcgid/2.3.6
X-Powered-By: PHP/5.4.23
Vary: Accept-Encoding
Content-Type: text/html
$ curl -i6kL http://si.cx
curl: (7) Failed to connect to si.cx port 80: Connection timed out
@jsha, @cpu, one more buddy with this issue. In this case, no connection is possible to ipv6 address so it should fallback to ipv4, right?.
That is because www.si.cx doesn't have an AAAA record but si.cx does.
You should configure your server correctly to accept the ipv6 address of si.cx or remove the AAAA record from your DNS.
Cheers,
sahsanu