Challenge failed for domain

My domain is:

I ran this command: certbot -v

It produced this output:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Type: unauthorized
Detail: 2a02:4780:b:1058:0:e1c:bcb8:2: Invalid response from 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
Server version: Apache/2.4.56 (Debian)
Server built: 2023-04-02T03:06:01

The operating system my web server runs on is (include version):
Debian v11.9

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No, i have a vps

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.9.0

My problem is that certbot does not generate the ".well-known" folder
I am executing the certbot command with the root user,
ServerRoot permissions "/var/www/html/api-rest" are www-data

Welcome to the community @ggomez

No, I don't think that is the problem. Your IPv6 address (the DNS AAAA record) points to a LiteSpeed server. Your IPv4 address (A record) points to Apache.

Let's Encrypt prefers IPv6 when the AAAA is present. You should update the AAAA record to be the public IP of your Apache server.

There are many ways to find it. One is to run this command on Apache machine

curl -6

Also see


Also, if your Apache server simply does not have an IPv6 address, you can remove the AAAA record from your DNS records to avoid confusing IPv6 enabled apps, currently if a user browsed to your website from an IPv6 enabled machine they would get the wrong website.


Aside from the incorrect IPv6 address, the IPv4 address has an HTTPS issue:

HTTP port

curl -Ii4
HTTP/1.1 200 OK
Date: Wed, 21 Feb 2024 04:37:21 GMT
Server: Apache/2.4.56 (Debian)
Last-Modified: Tue, 20 Feb 2024 22:20:49 GMT
ETag: "3377-611d79f6163e8"
Accept-Ranges: bytes
Content-Length: 13175
Vary: Accept-Encoding
Cache-Control: max-age=7200, no-cache
Content-Type: text/html

HTTPS port

curl -Ii4
curl: (35) error:0A00010B:SSL routines::wrong version number

curl -Ii4
HTTP/1.1 200 OK
Date: Wed, 21 Feb 2024 04:37:23 GMT
Server: Apache/2.4.56 (Debian)
Content-Type: text/html;charset=UTF-8

Let's start to fix this problem by having a look at:

sudo apachectl -t -D DUMP_VHOSTS


Thanks for the help, I corrected the AAAA record by adjusting the ipv6 to my domain.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.