# LetsEncrypt Fails on Generate Certificate Task

**URL:** https://discourse.roots.io/t/letsencrypt-fails-on-generate-certificate-task/25990
**Category:** trellis
**Tags:** letsencrypt
**Created:** 2023-09-20T03:09:53Z
**Posts:** 19
**Showing post:** 5 of 19

## Post 5 by @strarsis — 2023-11-29T16:50:35Z

> [@rhetthenckel](#):
>
> `Could not access the challenge file for the hosts/domain...`  
> I test the urls with pings and wgets - the IPs are correct and they work. so I rerun the command.

Note that Trellis does the challenge file test from the workstation, not from the target server:

> [@Letsencrypt could not access the challenge file](https://discourse.roots.io/t/letsencrypt-could-not-access-the-challenge-file/26176/2):
>
> OK, no AAAA record rules out the classic IPv6 over IPv4 address for validation with Let’s Encrypt issue. Note that this error message comes from Trellis, that does a check on its own, before actually making Let’s Encrypt validate the domain (this can save quotas). So when your workstation/CI server that runs Ansible (applies the Trellis playbook) is not able to resolve the domain or fetch the file (fail2ban comes to mind), this pre-check will fail, even when Let’s Encrypt may actually be able …

---

_[View the full topic](https://discourse.roots.io/t/letsencrypt-fails-on-generate-certificate-task/25990)._