Creating only subdomain cert with certbot

I'm trying to get a cert for my subdomain. I can create the file with the data listed above and wget or curl it.
But certbot is trying to check the main domain, where I don't have access to the DNS zone or FTP account.
Is that a bug or proper action?

My domain is:

I ran this command: certbot certonly --manual -d

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1):
Requesting a certificate for
Performing the following challenges:
http-01 challenge for

Create a file containing just this data:


And make it available on your web server at this URL:

Press Enter to Continue
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


  • The following errors were reported by the server:

    Type: unauthorized
    Detail: Invalid response from
    []: "<html lang="en"><meta
    charset="utf-8"><meta http-equiv="X-UA-Compatible"
    content="IE=edge"><meta name="view"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
Server version: Apache/2.4.6 (CentOS)
Server built: Oct 19 2017 20:39:16

The operating system my web server runs on is (include version): CentOS 7

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

This looks to me like an IPv6 issue. Your domain's IPv4 address responds with the Apache server, but its IPv6 address responds with a server running IdeaWebServer.

You'll want to make sure that both your IPv4 and IPv6 addresses point to your Apache server. If your Apache server doesn't have an IPv6 address, you'll want to remove the domain's AAAA DNS record.

Now only the IPv4 address is returned by DNS, and the IPv4 service shows:
Server: IdeaWebServer/2.0.5

Is this the correct IP for your system?:

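The replies above come down to checking which server answers on each address the domain publishes. The following is an added example, not part of the original thread or of certbot: it fetches the challenge path from every A and AAAA address separately and reports the Server header for each. The function names, `sub.example.com`, the token and the documentation addresses are assumptions made for illustration.

```python
import http.client
import socket

def resolve_all(host):
    """Every distinct A and AAAA address that DNS publishes for host."""
    infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def fetch(ip, host, path, timeout=10):
    """GET path from one specific address, sending the real Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        body = resp.read(4096).decode("latin-1")
        return resp.status, resp.getheader("Server", "?"), body
    finally:
        conn.close()

def preflight(host, path, expected, addresses=None, fetcher=fetch):
    """Check the challenge file on every address, not just the one curl picks.

    Returns (ip, ok, server_header, note) per address. Redirects are not
    followed, so a 301/302 is reported as a mismatch to inspect by hand.
    """
    results = []
    for ip in (resolve_all(host) if addresses is None else addresses):
        try:
            status, server, body = fetcher(ip, host, path)
        except OSError as exc:  # refused, timeout, no IPv6 route, ...
            results.append((ip, False, "?", f"connect failed: {exc}"))
            continue
        ok = status == 200 and body.strip() == expected
        note = "ok" if ok else f"HTTP {status}, body is not the challenge data"
        results.append((ip, ok, server, note))
    return results

if __name__ == "__main__":
    # Constructed sample standing in for the network: documentation addresses,
    # with the AAAA record landing on a different server than the A record.
    token = "constructed-token.constructed-thumbprint"
    def sample_fetcher(ip, host, path):
        if ":" in ip:
            return 200, "IdeaWebServer/2.0.5", '<html lang="en"><meta charset="utf-8">'
        return 200, "Apache/2.4.6 (CentOS)", token + "\n"
    for row in preflight("sub.example.com", "/.well-known/acme-challenge/constructed-token",
                         token, ["192.0.2.10", "2001:db8::10"], sample_fetcher):
        print(row)
```

Calling `preflight(host, path, expected)` without `addresses` or `fetcher` performs the real DNS lookup and HTTP requests; any row with `ok` set to `False` names the address whose server needs fixing or whose DNS record needs removing.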