It had been difficult to get the certificate on our server since February 19th.
Run the query 3 times at
ams.unboundtest.com
Our problem was solved.
This is a universal solution.
Thank you very much
This text has been translated into English at Google Translate. 
Can you guide me why the results are different over time?
1: https://unboundtest.com/m/A/shintajim.ir/7BODYSU2
2: https://unboundtest.com/m/A/shintajim.ir/CTGTVGGT
…
We were able to renew the certification for only two domains and then our problems returned again!
Please tell me what the problem is?
The results look the same. Each resolves to the address 158.58.190.66 .
Thanks for your post. 
After thirteen days, suddenly, at about eleven o’clock today we were able to get two new certificates for active domains on our server, but then again we had the same problem.
Is there a way to help us solve our problem?
I’ve moved your post to a new topic so we can discuss it more clearly. Could you please fill out the following information?
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Our company offers online site building tools like wix.com
To date, we have received certification through letsencrypt.org for over one hundred and fifty sites from our subsidiary.
But since February 19th, when the new domain approval process has begun, the process of obtaining and renewing our certification has been difficult for us, including for the site shintajim.ir
My domain is: poopesh.com
I ran this command: ssh: letsencrypt.sh request shintajim.ir 4096
It produced this output:
Requesting new certificate order…
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/3146088983…
Processing authorization for shintajim.ir…
Waiting for domain verification…
Let’s Encrypt was unable to verify the challenge. Unable to update challenge :: authorization must be pending. Exiting…
My web server is (include version): Apache (v: 2.4.28) && Nginx (v: 1.13.6) as Reverse Proxy
The operating system my web server runs on is (include version): CentOS 6.0 64-Bit
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): DirectAdmin (v: 1.60.3)
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Thank you very much for your good follow up 
Please help us fix our problem. 
Hi @poopesh
if you see such an error message, the client you use is buggy.
Looks like that client tries to confirm a challenge, but the authorization of that challenge isn't pending.
May be an older challenge / authorization that is already invalid.
hi
Thanks for the answer
But I must emphasize that this problem has appeared for a while since changing the domain authentication procedure on your server side.
The certification process is done through the DirectAdmin, the latest version of letsencrypt.sh is dated 2020-02-19 (though the test with other versions has also failed).
Please also take a look at this link you may notice a problem.
https://acme-v02.api.letsencrypt.org/acme/authz-v3/3146088983
While according to testing tools
https://unboundtest.com/m/A/shintajim.ir/UGG5WLDJ
This problem shouldn’t happen !? 
That's
a different error.
During secondary validation:
Letsencrypt has added the multi perspective validation
So your challenge is checked from different networks.
The error says: Letsencrypt is able to check the challenge. One of these other validations doesn't work.
May be a regional firewall.
I quickly looked at the source code of your ACME client, just before the error message
Let's Encrypt was unable to verify the challenge. ..., there is the keyword "keyAuthorization" used in the generated jws. That keyword is not in use in the ACME v2 protocol, it is part only the ACME v1.
As a consequence the ACME client must be buggy. It is important to fix the client, before going forward.
(here is my client: GitHub - bruncsak/ght-acme.sh: Get publicly trusted certificate via ACME protocol from LetsEncrypt or from BuyPass )
Your help fixed our issue.
We changed the certificate script in the admin directory,
Before you start receiving any certification,
First delete the old account, from the address
/usr/local/directadmin/conf
That is, every time before getting the certificate, a new letsencrypt.key is built,
In this way, the process of obtaining a certificate is smooth.
Thank you all dear for helping us.
@ bruncsak
@ jsha
@ JuergenAuer
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.