Invalid response from xxxx

#1

My domain is: genuine.celect-performance.com

I ran this command:
letsencrypt-auto -d genuine.celect-performance.com --test-cert

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for genuine.celect-performance.com
Waiting for verification…
Challenge failed for domain genuine.celect-performance.com
http-01 challenge for genuine.celect-performance.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):

Server Version: Apache/2.4.25 (Debian) OpenSSL/1.0.2q
Server MPM: prefork
Server Built: 2018-11-03T18:46:19
______________________________________

The operating system my web server runs on is (include version):

Debian 9.6

My hosting provider, if applicable, is:

N/A

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.32.0

I have also tried to use manual

letsencrypt-auto certonly --manual -d genuine.celect-performance.com --test-cert

Create a file containing just this data:

9pHJ6Q5bBh5XmNGnTwPjCSIefXuiejuInZ49YL4Hhj4.Wky7yflNg6HiODogZubmrcRqZYxxMDr0X3lUivAKXZ8

And make it available on your web server at this URL:

http://genuine.celect-performance.com/.well-known/acme-challenge/9pHJ6Q5bBh5XmNGnTwPjCSIefXuiejuInZ49YL4Hhj4

#2

"validationRecord": [
  {
    "url": "http://genuine.celect-performance.com/.well-known/acme-challenge/9pHJ6Q5bBh5XmNGnTwPjCSIefXuiejuInZ49YL4Hhj4",
    "hostname": "genuine.celect-performance.com",
    "port": "80",
    "addressesResolved": [
      "64.207.177.119",
      "2001:8d8:100f:f000::203"
    ],
    "addressUsed": "2001:8d8:100f:f000::203"
  }
]

It’s using the IPv6 address and not the IPv4 address from the subdomain. I’m not responsible for the DNS record and only control the machine the subdomain points to.

Is there a way to force IPv4 first?

Edit
Got in touch with the company responsible for the record and the AAAA was removed for my subdomain, and now it’s worked.

#3

Hi @largestPie

Let’s Encrypt prefers IPv6. So if a domain has an IPv6 DNS entry, the server should answer.

Listen [::]:80
Listen [::]:443

should do the job.
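
An added example, not part of the original thread: it reads the validationRecord from post #2, reports which address family the validator used, and checks TCP reachability of every published address, so an AAAA record the web server does not answer on is caught before a certificate is requested. The function names are hypothetical; the record values are the ones quoted in post #2.

```python
import ipaddress
import socket

# validationRecord from post #2 of this thread, as a Python dict.
RECORD = {
    "url": "http://genuine.celect-performance.com/.well-known/acme-challenge/"
           "9pHJ6Q5bBh5XmNGnTwPjCSIefXuiejuInZ49YL4Hhj4",
    "hostname": "genuine.celect-performance.com",
    "port": "80",
    "addressesResolved": ["64.207.177.119", "2001:8d8:100f:f000::203"],
    "addressUsed": "2001:8d8:100f:f000::203",
}

def family(addr):
    """Return 'IPv4' or 'IPv6' for a literal IP address."""
    return "IPv%d" % ipaddress.ip_address(addr).version

def diagnose(record):
    """Report the family the validator used and the addresses it skipped."""
    used = record["addressUsed"]
    return {
        "used": family(used),
        "published": sorted({family(a) for a in record["addressesResolved"]}),
        "unused": [a for a in record["addressesResolved"] if a != used],
        # True means the web server must answer on IPv6 for validation to pass.
        "check_ipv6_listener": family(used) == "IPv6",
    }

def probe(addr, port, timeout=3.0):
    """True if a TCP connect to addr:port succeeds over the address's own family."""
    af = socket.AF_INET6 if family(addr) == "IPv6" else socket.AF_INET
    try:
        with socket.socket(af, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True
    except OSError:  # refused, unreachable, timed out or family unsupported
        return False

def reachability(record, probe_fn=probe):
    """Probe every published address on the record's port: {address: bool}."""
    return {a: probe_fn(a, int(record["port"])) for a in record["addressesResolved"]}

if __name__ == "__main__":
    print(diagnose(RECORD))
    print(reachability(RECORD))  # live check; run it from outside the server
```

A `False` for the IPv6 address alongside `True` for the IPv4 one matches the failure in this thread: either the server needs an IPv6 listener or the AAAA record has to go.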