Problems with letsencrypt, certbot, nextcloud and IPv6

Launching letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: no working IP addresses found for “


  • The following errors were reported by the server:

    Type: malformed
    Detail: no working IP addresses found for “

    To fix these errors, please make sure that you did not provide any
    invalid information to the client, and try running Certbot again.
    Done. Press any key…

I think that the Problem has something to do with IPv6 / IPv4 routing, because It’s a clean install of nextcloudpi, but the hole IPv6/IPv4 configuration is a bit messed up. There is no IPv4 portforwarding and running ifconfig prints multiple global IPv6 addresses, but only one of them is the correct one.

Is it possible that, with the default nextcloudpi configurations, letsencrypt does not work without IPv4?

tls-sni-01 challenge ???
I’m sorry, my whole effort was towards allowing a regular http challenge.
What command did you run?

I’m using the nextcloudpi image and ran “sudo nextcloudpi-config” -> “letsencrypt” -> “yes” -> “” ->“start”. I honestly have no idea which command nextcloudpi-config is using, but I could try to look it up in the source code.

try just:
sudo nextcloudpi-config

and walk through the prompts

I have the source code.
I will search the letsencrypt/certbot command in the source code.

Note: I ran certbot on a different raspberry, with a different IP a few weeks ago and it worked.

"try just:
sudo nextcloudpi-config"
That is exactly what I did. I think the Problem has something to do with the IPv4/IPv6 configuration
“nextcloudpi-config” documentation shows:
Disable HTTPS redirection
HTTPS is enforced by default, but in case you have a good reason to allow HTTP, you can enable it…

choose: NO

It still does not work…

The command used is:
/etc/letsencrypt/letsencrypt-auto -n --no-self-upgrade --apache --hsts --agree-tos -m -d

The same error occures, if I run this command manually.

The problem was that I enabled IPv6 portforwading at port 80 , but not 443. I enabled both port 80 and port 443 and now everything works fine.
Thank you for your help

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.