Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: observalgerie.com
I ran this command: certbot --apache
It produced this output:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Detail: Invalid response from http://observalgerie.com/.well-known/acme-challenge/Anv0rFQaCLrLf5hP5jLOedb-06xizMsMbDebDVRYa5k [2a02:4780:8:433:0:2779:5bb6:1]: "<!DOCTYPE html>\n<html lang=\"en-us\" prefix=\"content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf:"
My web server is (include version):
Server version: Apache/2.4.46 (Ubuntu)
Server built: 2021-06-17T17:09:41
The operating system my web server runs on is (include version): Ubuntu 21.04
My hosting provider, if applicable, is: OVH
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.17.0
We are changing servers, so we have pointed the A value to the new IP and removed AAAA, since we're not using IPv6 on the new server. However, Certbot is trying a challenge with the old IPv6. Hence failing.
Yes, your dig command return an updated IPv6 address (that we placed in AAAA earlier, before removing it). However, certbot is still trying with the old IPv6 (starts with 2a02). As long as that IP isn't updated for certbot, we won't be able to migrate the website.
Why LE still uses your old IPv6 address could be due to propogation time for your DNS servers and the small time of caching LE does at their own servers. Not sure how long DNS results are cached, but it's not long.