Help, how to regenerate letsencrypt with a new domain and new subdomain?

hi, i have a webserver on ubuntu 20.04 with nginx , before the letsencrypt ssl working normallu with old domain name , and now i try to regenerate new letsencrypt ssl with new domain name and new subdomain name, but it's always failed.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: (new) and

I ran this command:
sudo certbot --nginx -d -d

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for and

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Type: unauthorized
Detail: 2a02:4780:3:c062::59: Invalid response from 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
Ubuntu server 20.04 , nextjs , nginx ,and certbot
The operating system my web server runs on is (include version):
ubuntu server 20.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.8.0

please advice,

Thanks n regards,


Hi @ingenetic, and welcome to the LE community forum :slight_smile:

The name "" has two IPs:

Addresses: 2a02:4780:3:c062::59

The two IPs are being served by different web servers:

curl -Ii4
HTTP/1.1 200 OK
Server: nginx     <<<<<<<<<<<<<<<<<<<<<<<<<
Date: Sun, 21 Jan 2024 12:10:42 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin

curl -Ii6
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: Niagahoster
content-type: text/html; charset=UTF-8
date: Sun, 21 Jan 2024 12:10:48 GMT
server: LiteSpeed     <<<<<<<<<<<<<<<<<<<<<<<<<
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: User-Agent

Please check the IPs and correct the needful.


hi rg305,
it's mean i have to delete one ip ?
is it this ip address : 2a02:4780:3:c062::59 ??
is it right ? i should delete that ip address and try to generate letsencrypt ssl again ?
or what i have to do ?

Please advice.

Best regards,

Those IP addresses should point to your nginx server.

You can find what they are many ways. One is to run these commands on that server

curl -4
curl -6

If the -6 command does not show any address you should remove the AAAA record from your DNS.

The DNS IP need to be correct for anyone to reach your server using IPv4 or v6


hi, here the result for curl -4 & curl -6

user@bentani:~# curl -6 from my webserver

curl: (7) Couldn't connect to server

user@bentani:~# curl -4

is it safe to remove this dns record : 2a02:4780:3:c062::59 ?

please advice



Yes, it seems that your server is not IPv6 enabled.


Hi rg305,

for my knowledge , may i know how you could know that a domain name has two ip ?
like on the first reply from you ?

because i already generate letsencrypt for other domains name, ex: one of my domain name which using letsencrypt ssl, has AAAA dns record too with IPv6 on zone editor cpanel, but i can issue letsencrypt ssl without any issue ? but this one being an issue .

please advice,

Best regards,

1 Like

The Let's Debug test site is good to find comms config problems

Use a DNS lookup tool (like dig or nslookup from command prompt) to view your DNS records. Or, check your DNS config panel.

The site is a reliable way to check various record types similar to how Let's Encrypt servers look them up.

In fact, both unboundtest and Let's Debug are still seeing your AAAA record:

Notice the server for IPv6 is not nginx but the "imunify360-webshield". And, you could not use IPv6 to connect to


What is that domain name?

You can have A and AAAA records but they must both be valid. For your domain the IPv6 (AAAA) IP is not.




What is that domain name?

for ex : tarad**.com
it has AAAA record, but i have no issue when generate letsencrypt ssl ? what different both of them ? why the one being issue and the other not beeing an issue ?
once again , this questions for my knowledge .

Thanks n regards,

1 Like

It is hard to say exactly why this other name "works".
It's IPv4 and IPv6 replies are not identical:

curl -Ii4
HTTP/1.1 301 Moved Permanently
Date: Mon, 22 Jan 2024 04:47:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1

curl -Ii6
HTTP/1.1 404 Not Found
Date: Mon, 22 Jan 2024 04:47:48 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1

Hi rg305 & MikeMcQ

Now i've generate letsencrypt successfully .
Really thanks for help & advice to solve the problems.
I've learn something new in here ..

Best regards,


Looks fine from here
Also on Windows 10 using Google Chrome Version 120.0.6099.225 (Official Build) (64-bit) I have no issues.

Did you clear your web browser's cache?


Also this domain seems fine too


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.