I’ve been using LE for quite some time without any issues. However …
Today I tried to add a certificate for a new domain and it failed for the following reason:
Failed authorization procedure. promentorfinans.se (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [7aniy-jiMmzp5Qi7TD9TD2O7Fi7JXzVzt33_8yzgwyA.K50uFwf8ZXDR6ymNZ8Xjujxw9i3YOPCuL05RBECjTCU] != [7aniy-jiMmzp5Qi7TD9TD2O7Fi7JXzVzt33_8yzgwyA.-f_daEYxVOFls4aupfol2f4PA8ikqBUw-4tU6dotcK8]
I’m on CentOS7 w/ Apache 2.4.
I’ve checked the DNS/IP/A records and they are all good.
The vhost config is automated and I’ve been using this template for +100 certificates.
I use letsencrypt-auto when issuing the certificates but now I’ve tried the method suggested by your documentation, certbot --apache … and I’ve tested various other combinations including --certonly but they all end up with the above error.
I even tried deleting another certificate and there was no problem re-installing it.
Your domain has IPv4 and IPv6 records; the A record points to an Apache web server and the AAAA record points to an nginx web server. As Let’s Encrypt prefers IPv6 over IPv4, it is trying to reach the challenge using your nginx web server, and it seems you are not using it to issue your cert.
Fix your IPv6 conf or if you are not using it, remove the AAAA record for your domain.
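Added example, not part of the posts above: a Python check that reads the quoted error and compares what a domain's IPv4 and IPv6 addresses serve for the same path. The function names are hypothetical; the key authorization layout (token, a dot, then the account key thumbprint) is from RFC 8555 section 8.1.

```python
import http.client
import re
import socket

# Error text as quoted in the question above.
ERROR = ("The key authorization file from the server did not match this challenge "
         "[7aniy-jiMmzp5Qi7TD9TD2O7Fi7JXzVzt33_8yzgwyA.K50uFwf8ZXDR6ymNZ8Xjujxw9i3YOPCuL05RBECjTCU] != "
         "[7aniy-jiMmzp5Qi7TD9TD2O7Fi7JXzVzt33_8yzgwyA.-f_daEYxVOFls4aupfol2f4PA8ikqBUw-4tU6dotcK8]")

def diagnose(error):
    """Compare token and account-key thumbprint of the two key authorizations."""
    pair = re.search(r"\[([\w-]+)\.([\w-]+)\] != \[([\w-]+)\.([\w-]+)\]", error)
    if not pair:
        return "unparsed"
    tok_a, thumb_a, tok_b, thumb_b = pair.groups()
    if tok_a != tok_b:
        return "different-token"    # an unrelated or stale challenge file was served
    if thumb_a != thumb_b:
        return "different-account"  # right token, answered under another ACME account key
    return "match"

def fetch_family(host, path, family):
    """GET path from every address of one family, keeping the original Host header."""
    bodies = {}
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return bodies  # no record of this family is published
    for *_, sockaddr in infos:
        ip = sockaddr[0]
        try:
            conn = http.client.HTTPConnection(ip, 80, timeout=10)
            conn.request("GET", path, headers={"Host": host})
            bodies[ip] = conn.getresponse().read().decode(errors="replace").strip()
            conn.close()
        except (OSError, http.client.HTTPException) as exc:
            bodies[ip] = f"unreachable: {exc}"
    return bodies

def compare_families(host, path, fetch=fetch_family):
    """Return (consistent, answers): do the A and AAAA endpoints serve the same body?"""
    answers = {}
    for family in (socket.AF_INET, socket.AF_INET6):
        answers.update(fetch(host, path, family))
    return len(set(answers.values())) <= 1, answers
```

Place a test file under `/.well-known/acme-challenge/` on the server that runs the ACME client and pass that path to `compare_families`; an inconsistent result means the A and AAAA records lead to different web servers.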