You have A and AAAA records. Your A records point to an IPv4 address and your AAAA records point to an IPv6 address. Maybe your site seems to work fine because your local connection uses IPv4, and your site works fine over IPv4. But if you have both types of records, Let’s Encrypt will try to connect over IPv6, and that’s not working currently on your server (or you have the wrong address).
So check if your server really has an IPv6 address, if the one listed for your AAAA records is the correct one, and if your web server is actually listening and responding on IPv6.
If you don’t intend to support IPv6, remove both of the AAAA records and Let’s Encrypt will connect over IPv4.
I think the fact that you removed the AAAA records and it worked, is enough to prove the issue was with IPv6
If you remove the A records then IPv4 will stop working; you might not want to do that as lots of people have only IPv4 and won’t be able to reach your site
If you want to try to fix your IPv6 you could just put the records back and try to access your site via an IPv6 connection, or if you don’t have access to one, a proxy such as http://www.ipv6proxy.net/
hi Juergen
I hope I have fixed.
With your expert knowledge are you able to check again?
I did a check and now it just says Forbidden…
many thanks again for your help