Newbie trying to get a certificate for a .dev domain

My domain is:

I ran this command:
sudo certbot certonly --standalone

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel):
Requesting a certificate for

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Type: unauthorized
Detail: Invalid response from [2a05:d014:953:a00:f056:be36:aa4f:ec8e]: "\n<"

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
Don't really know what this question means. I'm using expressjs with nodejs.

The operating system my web server runs on is (include version):
Raspberry OS (arm32)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.24.0

I portforwarded my router to forward all incoming requests on port 80 to my Raspberry Pi. Internally and externally port 80.

My redirects and DNS records (automatically generated by hostname registrar, don't really know what those records are):

Who is

Your domain points to them right now. You have to edit the A and AAAA records to point to your server. (For all the domains and subdomains you need)

1 Like

So change 2a05:d014:953:a00:f056:be36:aa4f:ec8e and to

No. Open the shell on your raspberry pi and run

curl -4
curl -6

The outputs should go in the A and AAAA records respectively. But those IP addresses might change, you probably need a dynamic DNS provider.

1 Like

I have a static IP adress from my ISP.
It says it'll take up to 24 hours to process. I'll reply if it works.
Thanks for the help!

1 Like

It usually takes a looooot less than 24 hours. (Like, a minute max)


IT WORKS, thank you kind stranger


Check if it works on IPv4 as well as IPv6, do you have port forwarding enabled?

Let's Encrypt goes on IPv6 by default, and that doesn't need or use port forwarding.

1 Like

How do I force certbot to use IPv4?

You don't, and it doesn't matter. Just check that your website is working on IPv4.

1 Like

Only DNS has that power.


Oh I never said. It works now, thanks

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.