LetsEncrypt error A and AAAA

Hi guys,

I create this post because I didn’t find any solution for my problem. I try to implement SSL support on my OVH dedicated server with Debian 9 and Apache 2. I try to create SSL certificate for my domain but it’s impossible. I try to remove AAAA value, add it, … no solution :confused:

My domain is: fwoptimisation.com

I ran this command: certbot certonly --webroot -w /home/fwo/www -d www.fwoptimisati on.com -d fwoptimisation.com

It produced this output:

Failed authorization procedure. fwoptimisation.com (http-01): urn:ietf:params:ac                         me:error:unauthorized :: The client lacks sufficient authorization :: The key au                         thorization file from the server did not match this challenge [4HgJeti87LuHwbiUI                         hWQxar393cQIJitgryRLswFPDU.6OYAUOucp5RtvAjd24Zn9Iwfe324uhHdc2rNILdZVgc] != [4HgJ                         eti87LuHwbiUIhWQxar393cQIJitgryRLswFPDU.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5                         Gd8]


  • The following errors were reported by the server:

    Domain: fwoptimisation.com
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    [4HgJeti87LuHwbiUIhWQxar393cQIJitgryRLswFPDU.6OYAUOucp5RtvAjd24Zn9Iwfe324uhHd c2rNILdZVgc]
    [4HgJeti87LuHwbiUIhWQxar393cQIJitgryRLswFPDU.4E3VCTFsySjUrqnCg0ooULx-3kbdPByg i0aWkvg5Gd8]

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): Deibna 9, apache 2 and PHP 7

My hosting provider is: OVH

You can find my DNS configuration below:

fwoptimisation.com. 0 AAAA 2001:41d0:202:100:91:134:128:126

fwoptimisation.com. 0 A

www.fwoptimisation.com. 0 AAAA 2001:41d0:202:100:91:134:128:126

www.fwoptimisation.com. 0 A

my redirects:

fwoptimisation.com vers un serveur (ipv4 - A)
www.fwoptimisation.com vers un serveur (ipv4 - A)
fwoptimisation.com vers un serveur (ipv6 - AAAA) 2001:41d0:202:100:91:134:128:126
www.fwoptimisation.com vers un serveur (ipv6 - AAAA) 2001:41d0:202:100:91:134:128:126

Thanks for your help.


Hi @fauveauxm

there is an “echo result”. Checking your domain (via https://check-your-website.server-daten.de/?q=fwoptimisation.com ):

Domainname Http-Status redirect Sec. G
http://fwoptimisation.com/ -11 0.050 S
ServerProtocolViolation - The server committed a protocol violation. Section=ResponseStatusLine
2001:41d0:202:100:91:134:128:126 -11 0.054 S
ServerProtocolViolation - The server committed a protocol violation. Section=ResponseStatusLine
http://www.fwoptimisation.com/ 200 0.163 H
2001:41d0:202:100:91:134:128:126 -14 21.020 T
Timeout - The operation has timed out
https://fwoptimisation.com/ -11 0.717 S
ServerProtocolViolation - The server committed a protocol violation. Section=ResponseStatusLine
2001:41d0:202:100:91:134:128:126 -11 0.697 S
ServerProtocolViolation - The server committed a protocol violation. Section=ResponseStatusLine
https://www.fwoptimisation.com/ 200 1.380 I
2001:41d0:202:100:91:134:128:126 200 0.990 I
http://fwoptimisation.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 200 0.054
Visible Content: check-your-website-dot-server-daten-dot-de.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8
2001:41d0:202:100:91:134:128:126 -14 10.026 T
Timeout - The operation has timed out
Visible Content:
http://www.fwoptimisation.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 200 0.050
Visible Content: check-your-website-dot-server-daten-dot-de.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8
2001:41d0:202:100:91:134:128:126 -14 10.027 T
Timeout - The operation has timed out

http doesn’t really work. But checking the (not existing) url


you see the curious answer:


The first part is the (random) file name. The second part is the hash of a Letsencrypt public account key. With a different value - your own key has the value

6OYAUOucp5RtvAjd24Zn9Iwfe324uhHd c2rNILdZVgc

Sometimes hoster use such a solution to create Letsencrypt certificates.

And it’s possible that you use server management software with that behaviour.

Perhaps use that software to create certificates.

1 Like

Hi JuergenAuer,

Thank you for your answer and yes it is strange these results.
How can I define where the source of the problem comes from? Do you have any idea?

About a software, I didn’t find anything on the OVH forums or anything else.


Check the header box to see the headers. The headers with these answer are completely different.

Visible Content: check-your-website-dot-server-daten-dot-de.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8
Content-Security-Policy: default-src ‘none’
Content-Type: text/plain
Feature-Policy: geolocation ‘none’; camera ‘none’; payment ‘none’
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Xss-Protection: 1; mode=block
Date: Tue, 16 Apr 2019 14:13:25 GMT
Content-Length: 86
Connection: close
X-IPLB-Instance: 5425

The last row:

X-IPLB-Instance: 5425

It’s your own server or it’s something from your hoster, before the GET-request is answered by your server.



is something. Looks like OVH loadbalancer use such Headers.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.