Renew certificate issues

I set up a nginx webserver and used Let'sEncrypt to redirect http traffic to https. I have since added some vhosts for different domains and Let'sEncrypt has redirected the traffic successfully for these too.

However, now the certificate has expired and I would like to renew it, but I get the following error for the default domain which I did not get when I initially setup the webserver:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.

 - The following errors were reported by the server:

   Type:   unauthorized
   Detail: Invalid response from
   [2001:41c9:1:422::189]: "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

The domain is: (This default domain I that have in nginx which was issued to me by the company hosting my server Bytemark).

My other domains which are vhosts under the same nginx server, all seem to renew with no issues, this seems to be an issue with the default domain only.

The nginx default domain config (/etc/nginx/conf.d/default.conf) is:

server {

    # note that these lines are originally from the "location /" block
    root  /usr/share/nginx/html;
    index index.php index.html;

    client_max_body_size 64M;

    location / {
        try_files $uri $uri/ =404;
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;

    location ~ .php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen      80;
    return 404; # managed by Certbot


It is possible to write into the /usr/share/nginx/html folder as root (which is the default ngnix location which is used for the default domain).


Try adding also:

listen [::]:80;

and reload nginx.


Welcome to the Let's Encrypt Community, Paul :slightly_smiling_face:

1 Like

Changing listen 80; to listen [::]:80; in my nginx config fixed the issue. Thanks for such a quick response from the community!


I recommend having both listen lines.

As @griffin posted, the problem was that your IPv4 and IPv6 webserver configurations were different.

By changing it, you've flipped things the other way, but the problem is still there.

Having both lines means that both IPv4 and IPv6 will be treated identically.


We've sadly gone from bad to worse, @_az.

The IPv6 HTTP (port 80) is being redirected to HTTPS (port 443), but there's no listener at all.

1 Like

Probably a missing listen [::]:443 too.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.