Invalid response from https://

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo certbot certonly --manual

It produced this output:
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: y

Press Enter to Continue

Create a file containing just this data:


And make it available on your web server at this URL:

(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet.)

Press Enter to Continue
Waiting for verification...
Challenge failed for domain
Challenge failed for domain
http-01 challenge for
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

1 Like

Hi @DanLDev

your configuration can't work, see your check, ~~20 minutes old -

You have ipv4 and ipv6. But checking http + /.well-known/acme-challenge/random-filename there are different answers.

Ipv4 is a nginx, ipv6 is an Apache. That can't work.

Fix your configuration, so ipv4 and ipv6 have the same output. Or (not so good): Remove your ipv6, create a certificate, then fix your ipv6.

1 Like

Hi @JuergenAuer Thanks for the help.

I'm fairly new to devops, how would i go about removing ipv6? My nginx config at the moment is as follows
server {
listen 80;
listen [::]:80;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;


    location ~ /.well-known {
            allow all;

    location / {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;



1 Like

It's your DNS AAAA record, not your webserver configuration.

That would make sense, as we've just transferred the A record over from GoDaddy to DigitalOcean, could it be possible that somehow the ipv6 record is still hitting the previous site, which would likely be running on apache?

1 Like

It's your configuration, so you know the answer.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.