Invalid response from xxxx

My domain is:

I ran this command:
letsencrypt-auto -d --test-cert

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


My web server is (include version):

Server Version: Apache/2.4.25 (Debian) OpenSSL/1.0.2q
Server MPM: prefork
Server Built: 2018-11-03T18:46:19

The operating system my web server runs on is (include version):

Debian 9.6

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):


I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.32.0

I have also tried to use manual

letsencrypt-auto certonly --manual -d --test-cert

Create a file containing just this data:


And make it available on your web server at this URL:

“validationRecord”: [
“url”: “”,
“hostname”: “”,
“port”: “80”,
“addressesResolved”: [
“addressUsed”: “2001:8d8:100f:f000::203”

It’s using the IPV6 address and not the IPV4 address from the subdomain. I’m not responsible for the DNS record and only control the machine the subdomain points to.

Is there a way to force IPV4 first?

Got it touch with the company responsible for the record and the AAAA was removed for my subdomain and now it’s worked.

Hi @largestPie

Letsencrypt prefers ipv6. So if a domain has an ipv6 dns entry, the server should answer.

Listen [::]:80
Listen [::]:443

should do the job.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.