Let’s Encrypt failed to download the temporary challenge files created by Certbot

Hello,
I have a big problem.
I've my own server Ubuntu 22.04.5 LTS with Virtualmin version 8.1.0 on Apache
I'm trying to install Let's Encrypt SSL Certificate for my domain flt-waelzlager.de and get an error "Invalid response from http://flt-waelzlager.de/.well-known/acme-challenge/O4Zd4b1CRXWLMNybpA-3LlSEEajiMToeh8xloG2nlUI: 404", The "Certificate Authority failed to download the temporary challenge files created by Certbot"
I don't understand why - files was created, they are accessed from internet.. I don't understand...

Command started from root console: " certbot -v certonly --webroot -w /home/flt-waelzlager/public_html -d flt-waelzlager.de -d www.flt-waelzlager.de"

This same error is, when I started command from Virtualmin interface

Full log:
"2026-07-09 11:07:35,079:DEBUG:certbot._internal.main:certbot version: 1.21.0
2026-07-09 11:07:35,079:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2026-07-09 11:07:35,079:DEBUG:certbot._internal.main:Arguments: ['-v', '--webroot', '-w', '/home/flt-waelzlager/public_html', '-d', 'flt-waelzlager.de', '-d', 'www.flt-waelzlager.de']
2026-07-09 11:07:35,079:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2026-07-09 11:07:35,090:DEBUG:certbot._internal.log:Root logging level set at 20
2026-07-09 11:07:35,091:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2026-07-09 11:07:35,091:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fb3f4f2bf10>
Prep: True
2026-07-09 11:07:35,091:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fb3f4f2bf10> and installer None
2026-07-09 11:07:35,091:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2026-07-09 11:07:35,145:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1143682547', new_authzr_uri=None, terms_of_service=None), 769b9d2f670a5fb78e82518de83be6a2, Meta(creation_dt=datetime.datetime(2023, 6, 5, 9, 0, 55, tzinfo=), creation_host='test.fltpolska.pl', register_to_eff=None))>
2026-07-09 11:07:35,146:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2026-07-09 11:07:35,147:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2026-07-09 11:07:35,696:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 961
2026-07-09 11:07:35,696:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 09 Jul 2026 09:07:35 GMT
Content-Type: application/json
Content-Length: 961
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "Profiles - Let's Encrypt",
"shortlived": "Profiles - Let's Encrypt",
"tlsserver": "Profiles - Let's Encrypt"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.8-July-06-2026.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"o-7xMp4DHys": "Adding random entries to the directory",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2026-07-09 11:07:35,697:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for flt-waelzlager.de and www.flt-waelzlager.de
2026-07-09 11:07:35,843:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0024_key-certbot.pem
2026-07-09 11:07:35,848:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0024_csr-certbot.pem
2026-07-09 11:07:35,850:DEBUG:acme.client:Requesting fresh nonce
2026-07-09 11:07:35,850:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2026-07-09 11:07:36,011:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2026-07-09 11:07:36,012:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 09 Jul 2026 09:07:35 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: tgKU1SCRm57WHTud3FTagDyygokSWL3d_JtkWrXLx14V2tOeaP0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2026-07-09 11:07:36,012:DEBUG:acme.client:Storing nonce: tgKU1SCRm57WHTud3FTagDyygokSWL3d_JtkWrXLx14V2tOeaP0
2026-07-09 11:07:36,012:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "flt-waelzlager.de"\n },\n {\n "type": "dns",\n "value": "www.flt-waelzlager.de"\n }\n ]\n}'
2026-07-09 11:07:36,015:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE0MzY4MjU0NyIsICJub25jZSI6ICJ0Z0tVMVNDUm01N1dIVHVkM0ZUYWdEeXlnb2tTV0wzZF9KdGtXclhMeDE0VjJ0T2VhUDAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "Xk3ZuwvrHoZNhKjpqlTzgXIYZIHuCtImFlilcTgzUoHFcBCGlQ94W9HezlH5cAFh7HpQy_A1rp-sglmH3Bbd8VGJceTOjXoipGnH_GqvVdIGt9QNeR5IKfBLUVkFg4SUgy45bZ8Xd0LtszUIvICoWwlkw4x1RMFdj8-LCoHCoh7kZoakzOjJgqFYT7i5ym1C_HS99aCZeyvQJE6oNW4hSyn9X9LckkCclIsNwQ1sZEqVGTfI_jxSsTSx-pcN6Jy8dLDEzMvsVdEqWmeGvYyZltUXBE1VWVtK26OLbJCKX2b5lrZMARbgAbJ-_Gih1Te44deF-xB3oz1WaOH8cvLT0Q",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImZsdC13YWVsemxhZ2VyLmRlIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5mbHQtd2FlbHpsYWdlci5kZSIKICAgIH0KICBdCn0"
}
2026-07-09 11:07:36,196:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 503
2026-07-09 11:07:36,197:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 09 Jul 2026 09:07:36 GMT
Content-Type: application/json
Content-Length: 503
Connection: keep-alive
Boulder-Requester: 1143682547
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1143682547/530298624146
Replay-Nonce: tgKU1SCREQCy2zxn_DVGUXikXqGD37DAa6_vZWWszi-dXUT0Mm4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2026-07-16T09:07:36Z",
"identifiers": [
{
"type": "dns",
"value": "flt-waelzlager.de"
},
{
"type": "dns",
"value": "www.flt-waelzlager.de"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/1143682547/736143203966",
"https://acme-v02.api.letsencrypt.org/acme/authz/1143682547/736143203976"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1143682547/530298624146"
}
2026-07-09 11:07:36,197:DEBUG:acme.client:Storing nonce: tgKU1SCREQCy2zxn_DVGUXikXqGD37DAa6_vZWWszi-dXUT0Mm4
2026-07-09 11:07:36,197:DEBUG:acme.client:JWS payload:
b''
2026-07-09 11:07:36,199:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/1143682547/736143203966:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE0MzY4MjU0NyIsICJub25jZSI6ICJ0Z0tVMVNDUkVRQ3kyenhuX0RWR1VYaWtYcUdEMzdEQWE2X3ZaV1dzemktZFhVVDBNbTQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzExNDM2ODI1NDcvNzM2MTQzMjAzOTY2In0",
"signature": "L0kXHmL2bnO_Sm7Nkof-qCspWbo5ck3iNZ1Vp7lYlMvlUey9EU-JaMuwf80XqYwivNZHHJAkla9zh97cOUTpaTAndFS04OjaFqz787MzKXrb0xy3i3Cp2DHjQwBI-oKCSHyQ0TBf5errA48oJF2drPt_jkysRhxBONNjDANqaDMDrew8igxbQeJ09hhtW1Hfzw9ympfbn0YamPy0nqmkjsE3k_W4b5rbRWw54xHc0IyDyihAbJC5epOPfPmaS6z1S27ohChC_c9vBqJWeI-ln_NgPgTcjYmxZHHGLfWWypX9ZJYz_RUUBbGHTnqGdZZIgrhLwZlatHgPWDfy4pPS3A",
"payload": ""
}
2026-07-09 11:07:36,363:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/1143682547/736143203966 HTTP/1.1" 200 825
2026-07-09 11:07:36,363:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 09 Jul 2026 09:07:36 GMT
Content-Type: application/json
Content-Length: 825
Connection: keep-alive
Boulder-Requester: 1143682547
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 9w0p0d3wB0aSlkmegdN1bgqkJ_A3lWnC6WpMmdfRHX4JSmPfMDc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "flt-waelzlager.de"
},
"status": "pending",
"expires": "2026-07-16T09:07:36Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203966/TQF44Q",
"status": "pending",
"token": "O4Zd4b1CRXWLMNybpA-3LlSEEajiMToeh8xloG2nlUI"
},
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203966/wiSfWw",
"status": "pending",
"token": "O4Zd4b1CRXWLMNybpA-3LlSEEajiMToeh8xloG2nlUI"
},
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203966/22_MMg",
"status": "pending",
"token": "O4Zd4b1CRXWLMNybpA-3LlSEEajiMToeh8xloG2nlUI"
}
]
}
2026-07-09 11:07:36,363:DEBUG:acme.client:Storing nonce: 9w0p0d3wB0aSlkmegdN1bgqkJ_A3lWnC6WpMmdfRHX4JSmPfMDc
2026-07-09 11:07:36,364:DEBUG:acme.client:JWS payload:
b''
2026-07-09 11:07:36,365:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/1143682547/736143203976:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE0MzY4MjU0NyIsICJub25jZSI6ICI5dzBwMGQzd0IwYVNsa21lZ2ROMWJncWtKX0EzbFduQzZXcE1tZGZSSFg0SlNtUGZNRGMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzExNDM2ODI1NDcvNzM2MTQzMjAzOTc2In0",
"signature": "gVTHHZJCBZkHBBZglyZtsbuF48ZMvw9bSuABCjfo2-CeMmCVpQYV3TkcVl3j3JclcclrPmUB-_fIgYe5GVlNxyK-qC3fY0afjMVCH1uDR-j9Cg9JkdFAqniKfK9yerHdb0TP1rvTVjj70EJqdd7cgBcBR89Y0Qbjw3K3g78OM4N6z_pJCmB0oDIOfvHUiLy7zSCcKNuevwrTERUuAE3dGtuBIbA5Md198jExjqQyYuXJXxoPs9HrQLYVxxLYHao9Hk6yZfk9PZ_KaKMcwNbOyHT0erjUV0hi1Ra7hw3S3z1gaSdy8Ednf2G5_U8gg7djPSnuQdJw-fxgKvbhlB7vmA",
"payload": ""
}
2026-07-09 11:07:36,540:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/1143682547/736143203976 HTTP/1.1" 200 829
2026-07-09 11:07:36,541:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 09 Jul 2026 09:07:36 GMT
Content-Type: application/json
Content-Length: 829
Connection: keep-alive
Boulder-Requester: 1143682547
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: tgKU1SCRbZQk-oqCU6NvXEgjBr9TRn_IqsYUc9nZdz1F8aJuNTM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.flt-waelzlager.de"
},
"status": "pending",
"expires": "2026-07-16T09:07:36Z",
"challenges": [
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203976/nkVrLg",
"status": "pending",
"token": "s5brNo3OUQqC8qi8Ewyc5cW8swvyJtxPFd4qdRGBGJ0"
},
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203976/t3mMlQ",
"status": "pending",
"token": "s5brNo3OUQqC8qi8Ewyc5cW8swvyJtxPFd4qdRGBGJ0"
},
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203976/Ldgi9A",
"status": "pending",
"token": "s5brNo3OUQqC8qi8Ewyc5cW8swvyJtxPFd4qdRGBGJ0"
}
]
}
2026-07-09 11:07:36,541:DEBUG:acme.client:Storing nonce: tgKU1SCRbZQk-oqCU6NvXEgjBr9TRn_IqsYUc9nZdz1F8aJuNTM
2026-07-09 11:07:36,541:INFO:certbot._internal.auth_handler:Performing the following challenges:
2026-07-09 11:07:36,542:INFO:certbot._internal.auth_handler:http-01 challenge for flt-waelzlager.de
2026-07-09 11:07:36,542:INFO:certbot._internal.auth_handler:http-01 challenge for www.flt-waelzlager.de
2026-07-09 11:07:36,542:INFO:certbot._internal.plugins.webroot:Using the webroot path /home/flt-waelzlager/public_html for all unmatched domains.
2026-07-09 11:07:36,542:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /home/flt-waelzlager/public_html/.well-known/acme-challenge
2026-07-09 11:07:36,542:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /home/flt-waelzlager/public_html/.well-known/acme-challenge
2026-07-09 11:07:36,543:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /home/flt-waelzlager/public_html/.well-known/acme-challenge/O4Zd4b1CRXWLMNybpA-3LlSEEajiMToeh8xloG2nlUI
2026-07-09 11:07:36,544:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /home/flt-waelzlager/public_html/.well-known/acme-challenge/s5brNo3OUQqC8qi8Ewyc5cW8swvyJtxPFd4qdRGBGJ0
2026-07-09 11:07:36,545:DEBUG:acme.client:JWS payload:
b'{}'
2026-07-09 11:07:36,546:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203966/22_MMg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE0MzY4MjU0NyIsICJub25jZSI6ICJ0Z0tVMVNDUmJaUWstb3FDVTZOdlhFZ2pCcjlUUm5fSXFzWVVjOW5aZHoxRjhhSnVOVE0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzExNDM2ODI1NDcvNzM2MTQzMjAzOTY2LzIyX01NZyJ9",
"signature": "G2M4-9aUCTYICXH_zmrBe1MNFnF91CKEeky71jrNOxfbcY3B0NteQubMfTGIbwqGyoS8LfAiNHpzHwmkq5tJRJs8r8ZdcDjgsGhIgbYZ7CaSZhTWsrJXSRnB0Vg6gGbPFjL2aQ8ChaH8c1dwrV1HoHvuDIcuOVF4cglRW3Bqu5tSfb8Bk1VGOrAwwCFP9mfim0x1cfM0enld0Ytc3HQUP8S_t-MK2CBf334JjzvUIFWrYqWdoJ4I3tj-gEpElNU0PX2j7ZJA0eBZOxNYIzDqPDN1Ac02RyEdR8P1WlWjUIh8iGDvzuzoXplg7p7zBdsXVB-ZHQniV5HqquCCh7t0xg",
"payload": "e30"
}
2026-07-09 11:07:36,711:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/1143682547/736143203966/22_MMg HTTP/1.1" 200 195
2026-07-09 11:07:36,711:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 09 Jul 2026 09:07:36 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 1143682547
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz/1143682547/736143203966;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203966/22_MMg
Replay-Nonce: 9w0p0d3wo6uHoBQAmIAL8bfQGnVqRU1P4Du4GdCfACtGfDmYNu4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203966/22_MMg",
"status": "pending",
"token": "O4Zd4b1CRXWLMNybpA-3LlSEEajiMToeh8xloG2nlUI"
}
2026-07-09 11:07:36,711:DEBUG:acme.client:Storing nonce: 9w0p0d3wo6uHoBQAmIAL8bfQGnVqRU1P4Du4GdCfACtGfDmYNu4
2026-07-09 11:07:36,712:DEBUG:acme.client:JWS payload:
b'{}'
2026-07-09 11:07:36,713:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203976/t3mMlQ:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE0MzY4MjU0NyIsICJub25jZSI6ICI5dzBwMGQzd282dUhvQlFBbUlBTDhiZlFHblZxUlUxUDREdTRHZENmQUN0R2ZEbVlOdTQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzExNDM2ODI1NDcvNzM2MTQzMjAzOTc2L3QzbU1sUSJ9",
"signature": "SWUk9t-neqKafV1qrDoWfnbRcUI9O61o_81oI6SuORQawqQeVmjNOBnVo0ugNz273GAqjgwV4JA-QuK7aftUB2NDUimn9E8JSZBk1GnvdUle4x8B1cXHAGIJCbr9h7fk-BUTnvYVLI0_637z6miSnID5cc0vXpBVkd5lPl9lXBJMYM-kw5DdE8oc1OgL-8KvSvd6qvU3Ig6UXC_oxQzE5Mr8kaNZBacx6EB6HxFHSkPkSE5UVHkxjzuQegxg4FZFp3jNLho7xZT4kEz_ZsWmzLjonbycFFnBR7BWTLiCsGma45--Tv15xdiS3RohTCsrKSOyC7GtPj3b_ZO_pcIiXw",
"payload": "e30"
}
2026-07-09 11:07:36,881:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/1143682547/736143203976/t3mMlQ HTTP/1.1" 200 195
2026-07-09 11:07:36,881:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 09 Jul 2026 09:07:36 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 1143682547
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz/1143682547/736143203976;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203976/t3mMlQ
Replay-Nonce: tgKU1SCR_gxk3AtPh2tdvBFT6qxF4ag0hsz-Uda4k6J16srPVmc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203976/t3mMlQ",
"status": "pending",
"token": "s5brNo3OUQqC8qi8Ewyc5cW8swvyJtxPFd4qdRGBGJ0"
}
2026-07-09 11:07:36,881:DEBUG:acme.client:Storing nonce: tgKU1SCR_gxk3AtPh2tdvBFT6qxF4ag0hsz-Uda4k6J16srPVmc
2026-07-09 11:07:36,881:INFO:certbot._internal.auth_handler:Waiting for verification...
2026-07-09 11:07:37,883:DEBUG:acme.client:JWS payload:
b''
2026-07-09 11:07:37,884:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/1143682547/736143203966:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE0MzY4MjU0NyIsICJub25jZSI6ICJ0Z0tVMVNDUl9neGszQXRQaDJ0ZHZCRlQ2cXhGNGFnMGhzei1VZGE0azZKMTZzclBWbWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzExNDM2ODI1NDcvNzM2MTQzMjAzOTY2In0",
"signature": "ZRgqps7_isju2w1kHAcwcdqwdrGR_NCGe_YEpmBDzuiBnnQ9Puq7nxIS0CU-El34n-3vgz-mq7-GZ6QZu5n3ppqQ_RzucipKSGy0Ym48s6RcjTMPY-c_Bgh-VNUAX2OWLMrqnlFuur5dNJXSr543yEDn_il0l7hsxm_c_k5dLlZv7VjAns6ax6WpkTcObGKSnKGBcEvz6iOx-EXbgK8p16EeBisWphq9H5A2wlttsS7y09ZttjHsWz3ZYzacsIwGKTdOtVQ75pIjvrTdVKKY3XHELmCSS1AtS-ckeTu2jTXQe3NL_N6C8yVT_6uK52ydKnskCVfRKowHzA4zo2VXDw",
"payload": ""
}
2026-07-09 11:07:38,049:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/1143682547/736143203966 HTTP/1.1" 200 1095
2026-07-09 11:07:38,049:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 09 Jul 2026 09:07:37 GMT
Content-Type: application/json
Content-Length: 1095
Connection: keep-alive
Boulder-Requester: 1143682547
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 9w0p0d3wZxQEf143lBIBNOYRS__vdqigSXxePHZifqfonExrl6Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "flt-waelzlager.de"
},
"status": "invalid",
"expires": "2026-07-16T09:07:36Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203966/22_MMg",
"status": "invalid",
"validated": "2026-07-09T09:07:36Z",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "2a01:4f8:c0c:643f::1: Invalid response from http://flt-waelzlager.de/.well-known/acme-challenge/O4Zd4b1CRXWLMNybpA-3LlSEEajiMToeh8xloG2nlUI: 404",
"status": 403
},
"token": "O4Zd4b1CRXWLMNybpA-3LlSEEajiMToeh8xloG2nlUI",
"validationRecord": [
{
"url": "http://flt-waelzlager.de/.well-known/acme-challenge/O4Zd4b1CRXWLMNybpA-3LlSEEajiMToeh8xloG2nlUI",
"hostname": "flt-waelzlager.de",
"port": "80",
"addressesResolved": [
"2a01:4f8:c0c:643f::1",
"85.128.118.149"
],
"addressUsed": "2a01:4f8:c0c:643f::1"
}
]
}
]
}
2026-07-09 11:07:38,049:DEBUG:acme.client:Storing nonce: 9w0p0d3wZxQEf143lBIBNOYRS__vdqigSXxePHZifqfonExrl6Y
2026-07-09 11:07:38,050:DEBUG:acme.client:JWS payload:
b''
2026-07-09 11:07:38,051:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/1143682547/736143203976:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTE0MzY4MjU0NyIsICJub25jZSI6ICI5dzBwMGQzd1p4UUVmMTQzbEJJQk5PWVJTX192ZHFpZ1NYeGVQSFppZnFmb25FeHJsNlkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzExNDM2ODI1NDcvNzM2MTQzMjAzOTc2In0",
"signature": "Gi3x8udKmhUtL4dgmnirgrsCGh867bpDUrZF-0o4mAENMrtr-0FoEvBgd0GTPlqzZ2fTc7d46OWOxuu-4SO6APmlSmtqpkyqtz3mNioL0ONhvBC5Z-bu_c6-FTi6OuRjZa4hsAePW-DoRC8QXvf6zkz2i7Koxp0Bxnpy5njgOPTdP611AMmlWui6G2jilmD-pSpKZbHXVpqtl1ZNAVALCiohS3e9Txq_bnTwmcj6wqrGQioandMr1uLN2BR8IkD2dgNLeoZbwwoSkU6FjEf9ktBIga2R2wLCSW-gZ3NL8mooUzWy07JPGf_Gb9YJpG0OV1ZOuHeK4NEYZR9NGtEk8A",
"payload": ""
}
2026-07-09 11:07:38,216:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/1143682547/736143203976 HTTP/1.1" 200 1111
2026-07-09 11:07:38,216:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 09 Jul 2026 09:07:38 GMT
Content-Type: application/json
Content-Length: 1111
Connection: keep-alive
Boulder-Requester: 1143682547
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 9w0p0d3wUuCirbYrJY6g0Yj5BiFlNvA0gB7N2AfiksQPCaOX77Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.flt-waelzlager.de"
},
"status": "invalid",
"expires": "2026-07-16T09:07:36Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1143682547/736143203976/t3mMlQ",
"status": "invalid",
"validated": "2026-07-09T09:07:36Z",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "2a01:4f8:c0c:643f::1: Invalid response from http://www.flt-waelzlager.de/.well-known/acme-challenge/s5brNo3OUQqC8qi8Ewyc5cW8swvyJtxPFd4qdRGBGJ0: 404",
"status": 403
},
"token": "s5brNo3OUQqC8qi8Ewyc5cW8swvyJtxPFd4qdRGBGJ0",
"validationRecord": [
{
"url": "http://www.flt-waelzlager.de/.well-known/acme-challenge/s5brNo3OUQqC8qi8Ewyc5cW8swvyJtxPFd4qdRGBGJ0",
"hostname": "www.flt-waelzlager.de",
"port": "80",
"addressesResolved": [
"2a01:4f8:c0c:643f::1",
"85.128.118.149"
],
"addressUsed": "2a01:4f8:c0c:643f::1"
}
]
}
]
}
2026-07-09 11:07:38,217:DEBUG:acme.client:Storing nonce: 9w0p0d3wUuCirbYrJY6g0Yj5BiFlNvA0gB7N2AfiksQPCaOX77Y
2026-07-09 11:07:38,217:INFO:certbot._internal.auth_handler:Challenge failed for domain flt-waelzlager.de
2026-07-09 11:07:38,217:INFO:certbot._internal.auth_handler:Challenge failed for domain www.flt-waelzlager.de
2026-07-09 11:07:38,217:INFO:certbot._internal.auth_handler:http-01 challenge for flt-waelzlager.de
2026-07-09 11:07:38,217:INFO:certbot._internal.auth_handler:http-01 challenge for www.flt-waelzlager.de
2026-07-09 11:07:38,218:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: flt-waelzlager.de
Type: unauthorized
Detail: 2a01:4f8:c0c:643f::1: Invalid response from http://flt-waelzlager.de/.well-known/acme-challenge/O4Zd4b1CRXWLMNybpA-3LlSEEajiMToeh8xloG2nlUI: 404

Domain: www.flt-waelzlager.de
Type: unauthorized
Detail: 2a01:4f8:c0c:643f::1: Invalid response from http://www.flt-waelzlager.de/.well-known/acme-challenge/s5brNo3OUQqC8qi8Ewyc5cW8swvyJtxPFd4qdRGBGJ0: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2026-07-09 11:07:38,218:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2026-07-09 11:07:38,218:DEBUG:certbot._internal.error_handler:Calling registered functions
2026-07-09 11:07:38,218:INFO:certbot._internal.auth_handler:Cleaning up challenges
2026-07-09 11:07:38,219:DEBUG:certbot._internal.plugins.webroot:Removing /home/flt-waelzlager/public_html/.well-known/acme-challenge/O4Zd4b1CRXWLMNybpA-3LlSEEajiMToeh8xloG2nlUI
2026-07-09 11:07:38,219:DEBUG:certbot._internal.plugins.webroot:Removing /home/flt-waelzlager/public_html/.well-known/acme-challenge/s5brNo3OUQqC8qi8Ewyc5cW8swvyJtxPFd4qdRGBGJ0
2026-07-09 11:07:38,219:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2026-07-09 11:07:38,219:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in
sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1434, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2026-07-09 11:07:38,220:ERROR:certbot._internal.log:Some challenges have failed."

Please help!
Best Regrds

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I reply myselve - problem was "addressUsed": "2a01:4f8:c0c:643f::1" - I don't use IPv6, but DNS answer IPv6 adress... I found that and delete IPv6 record.
Problem solved.