Certbot on CentOS 6 + Apache failing

My domain is: pbx.hdgcorp.net

I ran this command:

root@localhost:~ $ /usr/local/bin/certbot-auto --apache

It produced this output:

/opt/eff.org/certbot/venv/lib/python3.4/site-packages/cryptography/hazmat/bindings/openssl/binding.py:163: CryptographyDeprecationWarning: OpenSSL version 1.0.1 is no longer supported by the OpenSSL project, please upgrade. A future version of cryptography will drop support for it.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?

1: pbx.hdgcorp.net

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pbx.hdgcorp.net
Waiting for verification…
Challenge failed for domain pbx.hdgcorp.net
http-01 challenge for pbx.hdgcorp.net
Cleaning up challenges
Some challenges have failed.

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): CentOS 6

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.39.0

Was there more output that included the error message?

Hi @mautas

your configuration can’t work.

There are ipv4- and ipv6 - addresses - https://check-your-website.server-daten.de/?q=pbx.hdgcorp.net

Host T IP-Address is auth. ∑ Queries ∑ Timeout
pbx.hdgcorp.net A Miami/Florida/United States (US) - QuadraNet Enterprises LLC No Hostname found yes 1 0
AAAA 2607:f1c0:100f:f000::2f6 Kansas City/Missouri/United States (US) - 1&1 Internet SE yes

But checking ipv4 + /.well-known/acme-challenge/random-filename, there is the expected result http status 404 - Not Found.

Ipv6 has a http status 204 - No Content. So the validation file is invisible.

That’s critical because Letsencrypt prefers ipv6.


  • change your server that ipv6 works (good)
  • or remove the ipv6 dns entry

Thanks a lot Juergen! I did’t notice this about IPv6. IPv6 seems not to be well set up in this machine you i’ve better get that DNS record removed so I can proceed. That record is pointing somewhere else, not even the intended machine.



1 Like

Looks like 1&1 creates a standard ipv6 entry. That works if you use the hosting of 1&1, but that doesn’t work with an own hosting.

Do you have a home server or an own ipv6 address? If yes, then use that address.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.