Bncert-tool seems to warning that IP is incorrect

Keywords: WordPress - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 536f39e3-31f3-ef41-d541-9d6c215d56ae
I’ve tried the tool and since various lego methods also, but failed to get an SSL to work for the following domain.

The tool presents the following error:

Warning: The domain ‘’ resolves to a different IP
address than the one detected for this machine, which is ‘’. Please
fix its DNS entries or remove it.

Support ID: 536f39e3-31f3-ef41-d541-9d6c215d56ae

@anthonycmain That error indicates that your domain resolves to a different IP address than the public IP for your instance.

You can get the values by running the commands below:

  • Public IP address for instance: curl
  • Public IP address for the domain: getent hosts

Could it be possible you enabled IPv6? If so, the tool doesn’t currently support the checks yet. I’ve created an internal task for fixing that.

In the meantime, you can run Bncert with the options below, and DNS checks will not be performed on the tool (but instead directly with Lego):

--perform_public_ip_validation 0 --perform_dns_validation 0


Yes I think you are right, I believe this is an IPV6 issue because LightSail doesnt support it properly.

Luckily this is a staging site, so I just used a different domain which didnt have an IPV6 DNS routes.

I hope you can resolve the issue as it will effect a lot of people and is incredibly difficult to track down the cause as its not well documented online yet. Took me 2 days and I’m a technical person by trade!