Failing auth on renew, multiple servers

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: /usr/bin/certbot --cert-name renew --force-renewal --text --email --agree-tos

It produced this output:
Type: unauthorized
Detail: Invalid response from
[2001:41d0:8:9a5b::1]: “\r\n404 Not
Found\r\n<body bgcolor=“white”>\r\n

Not Found


To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): nginx 1.14.1

The operating system my web server runs on is (include version): debian8

My hosting provider, if applicable, is: ovh dedicated

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.28.0

I have multiple servers, so I’m trying to redirect all requests to one. Then this one should update the renewed certificate on all. Unfortunately I can’t understand what is happening.

Hi @anyway

there are some checks of your domain -

Your configuration isn't good.

You have a lot of different ip addresses - ipv4 and ipv6.

And a lot of differences between your ip addresses.


is redirected to another domain


sends a http status 404 - Not Found.

So first step: Check your configuration. There should be no K result - every combination of url and ip address should have the same http status.

Thanks, but as I said I have multiple server and everything is redirecting to gaterenew ( which is the one that should renew the certificate and then copy to the other servers. So the problem should be with giving 404. Any hint about this?

I don't know how your configuration works. But checking that ip -> http status 404.

And checking the gaterenew -

That domain has exact the two ip addresses

Host T IP-Address is auth. ∑ Queries ∑ Timeout A Roubaix/Hauts-de-France/France (FR) - OVH ISP Hostname: yes 1 0
AAAA 2001:41d0:8:9a5b::1 Roubaix/Hauts-de-France/France (FR) - OVH SAS yes Name Error yes 1 0

not working. May be a wrong vHost configuration.

A second problem: Your error says, that Letsencrypt has selected an ip address with the correct redirect. But your Certbot doesn't work with that configuration, there is a http status 404 with the ipv6 address.

But checking the domain -> both ip addresses (ipv4 and ipv6) have the same http status.

If you use such a redirected domain, you must use webroot. What's your authenticator?

I’m using nxing as authenticator.

How are you “redirecting” to

Problem #1: You have IPv6 addresses that fail connection on port 80
Addresses: 2001:41d0:8:9ceb::1

Problem #2: curl on IPv4 fails to see redirection.
curl -Iki4
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Sat, 19 Oct 2019 18:47:02 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 09 Jul 2019 22:09:49 GMT
Connection: keep-alive
ETag: "5d2510ad-264"
Accept-Ranges: bytes

I’m using nginx to redirect:
location /.well-known/acme-challenge/ {
return 301$request_uri;

Thanks to everybody. So the problem was at the port 80. Fixing nginx and now correctly redirecting both ipv4 and ipv6 seems working. (still using nginx as authenticator)


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.