Problem with getting certificate

I have problem with getting ssl-certificate for server name

The domain is accessable from internet by 80 and 443 (I have manually configured certificate for now)

On the same host I have also another nginx virtual host (server name) - and there no problem with certbot, it works.

Could you please check ip address for in your DNS? It must be: Because I'm not found the requests from certbot log in nginx log.

My domain is:

I ran this command: sudo certbot --nginx

It produced this output:
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Type: unauthorized
Detail: 2a03:6f00:6:1::57f9:26fd: Invalid response from 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.29.0

Welcome to the community @vlmart

You have both an A and AAAA record in your DNS for for both an IPv4 and IPv6 address. That's fine but they each point to a different server. Let's Encrypt server will use AAAA when present and this one is failing. You can see the IPv6 address in the error message starting with 2a03:6f00. You should correct your AAAA address or remove it if you do not use IPv6.

You only have an A record for your domain so that is why that is different.


A    Address:
AAAA Address: 2a03:6f00:6:1::57f9:26fd

I see two different nginx servers:

curl -Ii4
Server: nginx/1.18.0 (Ubuntu)

curl -Ii6
Server: nginx/1.20.2
curl -Ii4
Server: nginx/1.18.0 (Ubuntu)

curl -Ii6
server: nginx/1.20.2

So did I :slight_smile:




Thank you so much! I removed incorrect AAAA record in my domain settings and now certbot works!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.