Certbot Renewal - Issue with IPV6 Address and Web Server Configuration

Reducing the process to manual mode, I am here:

./certbot-auto certonly --manual --preferred-challenges http -w /var/www/domain -d domain.net

but I can access the link from a browser

Failed authorization procedure. domain.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.net/.well-known/acme-challenge/MjD6H_lxC7Fut1sSe1vXGi_pwTvA5_uM2NAAolpPP-g: "

404 Not Found

Not Found


Previously, I was using letsencrypt-auto on Debian 7 with Apache but had a Python version issue, so I thought I would update to certbot.


Hi @bob247

When you created this post it asked you a bunch of questions.

If you would like help then it’s best to fill those out (such as your domain name). Without your domain name it’s hard for others to verify that your folders have been set up correctly and your web server is behaving as it should be.


Sorry, I missed the questions.

The domain is sms2.net


@bob247, the problem is that you have defined two DNS records for sms2.net.

One for ipv4

$ dig sms2.net A +short

One for ipv6

$ dig sms2.net AAAA +short

But your web server is only configured for ipv4:

$ curl -i4  http://sms2.net/.well-known/acme-challenge/FCKGqo-mRMrNlvRoIEV_go8AKp9VUMmm6YBYpYcvk64
HTTP/1.1 200 OK
Date: Tue, 23 May 2017 12:40:00 GMT
Server: Apache
Last-Modified: Tue, 23 May 2017 07:19:25 GMT
ETag: "25568-57-5502bceb47b65"
Accept-Ranges: bytes
Content-Length: 87


As it is not configured for ipv6, it gives the 404 Not Found error, I suppose because it is not reaching the VirtualHost conf but the default conf of your web server.

$ curl -i6  http://sms2.net/.well-known/acme-challenge/FCKGqo-mRMrNlvRoIEV_go8AKp9VUMmm6YBYpYcvk64
HTTP/1.1 404 Not Found
Date: Tue, 23 May 2017 12:40:06 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 268
Content-Type: text/html; charset=iso-8859-1

<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL /.well-known/acme-challenge/FCKGqo-mRMrNlvRoIEV_go8AKp9VUMmm6YBYpYcvk64 was not found on this server.</p>

For the past few days, if the domain has 2 records, A and AAAA, Let’s Encrypt will prefer AAAA instead of A. Before the last change ipv4 was preferred but, you know, that has changed.

To solve your issue you have two options:

A) If you don’t want to serve your site with ipv6, remove the AAAA record for your domain.
B) Configure your web server to serve requests for your domain over ipv6.

Good luck,
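
The check described in the reply above, as an added example that is not part of the original post: a script that fetches a test file under `.well-known/acme-challenge/` over each address family and flags the case where an AAAA record exists but only IPv4 serves the file. The function names are hypothetical, and the logic models only the AAAA-first preference stated in the reply (no fallback to IPv4 is assumed).

```shell
#!/usr/bin/env bash
# Added example (not from the thread): pre-flight check for HTTP-01 on a
# dual-stack domain, assuming the validator prefers AAAA when it exists.

# Print the HTTP status seen over one address family (4 or 6).
# curl prints 000 when it cannot connect at all.
probe_status() {
    curl "-$1" -s -o /dev/null --max-time 10 -w '%{http_code}' "$2" || true
}

# Print "yes" if the domain resolves to at least one IPv6 address, else "no".
# The grep skips CNAME targets that dig +short also prints.
has_aaaa() {
    if dig +short AAAA "$1" | grep -q ':'; then echo yes; else echo no; fi
}

# Pure decision logic: classify <has_aaaa> <ipv4_status> <ipv6_status>
classify() {
    local aaaa="$1" v4="$2" v6="$3"
    if [ "$aaaa" = no ]; then
        if [ "$v4" = 200 ]; then
            echo "OK: no AAAA record, IPv4 serves the challenge"
        else
            echo "FAIL: IPv4 returned $v4"
        fi
    elif [ "$v6" = 200 ]; then
        echo "OK: AAAA record present, IPv6 serves the challenge"
    elif [ "$v4" = 200 ]; then
        echo "FAIL: AAAA record present but IPv6 returned $v6 while IPv4 returned 200"
    else
        echo "FAIL: IPv6 returned $v6, IPv4 returned $v4"
    fi
}

# check_domain <domain> <name of a test file under .well-known/acme-challenge/>
check_domain() {
    local url="http://$1/.well-known/acme-challenge/$2"
    classify "$(has_aaaa "$1")" "$(probe_status 4 "$url")" "$(probe_status 6 "$url")"
}

if [ "$#" -eq 2 ]; then
    check_domain "$1" "$2"
else
    # Constructed sample mirroring the thread: AAAA exists, IPv4 200, IPv6 404.
    classify yes 200 404
fi
```

Run it with the domain and the name of a test file you have placed in the challenge directory; a FAIL on the third branch means either the AAAA record should be removed or the virtual host needs to listen on IPv6.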


Thank you for your help sahsanu, much appreciated.

This was the problem; certbot has now renewed the certificate.

