Partial certification worked. Fixing the wrong AAAA record for the failure now results in all domains failing


BIt of background first.
I work for a small IT provider and one of the things that are offered are websites on a homebrew CMS.
The other developer who knew this is not available anymore and that is why I as new guy suddenly get to do this.
Managed to get 2 out of 3 domains for this customer certified. The last one had an AAAA record pointing to 3rd party Hosting.
I got notified that this 3rd party fixed the record. They have from what I can see.
Now the problem is that after attempting to run certbot it rejected all domains.

My domain is:,,

First two are from the customer, the www domain was faulty. the abayocms domain is the one used internally by the CMS.

I ran this command:
certbot-auto certonly --expand --dry-run --keep-until-expiring --noninteractive --webroot -w /var/letsencrypt -d -d -d

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
http-01 challenge for
Using the webroot path /var/letsencrypt for all unmatched domains.
Waiting for verification…
Challenge failed for domain
Challenge failed for domain
Challenge failed for domain
http-01 challenge for
http-01 challenge for
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


My web server is (include version):
apache 2.2.15

The operating system my web server runs on is (include version):
Centos 6.8

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


Hi @Sjoerd

you use /var/letsencrypt as webroot. This isn’t your real webroot, there must be a location block.


  • remove the location block and
  • use your real webroot

First try to create two directories


there a file (file name 1234), load this via

Your config is ok, you have ipv4 and ipv6, but no special ipv6 problem (see the result of ). So a wrong ipv6 configuration isn’t the problem.


Thank you. You were right when you wrote that this isn’t the webroot.
I would never have noticed the missing directory without that prodding (not sure where I lost it during trying to understand what went wrong for these domains).
And thank you for that website. I think I’ve seen two errors that might actually require action, at least on the level of learning enough to understand if I can leave them alone or not.