Acme.sh wont update my certificate any longer

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: giversen.net

I ran this command: /mnt/ssl-auto/acme.sh --cron --home "/mnt/ssl-auto/" --config-home "/mnt/ssl-auto/config-home/"

It produced this output: [2025-11-18T08:59:35 CET] ===Starting cron===
[2025-11-18T08:59:35 CET] Already up to date!
[2025-11-18T08:59:35 CET] Upgrade successful!
[2025-11-18T08:59:36 CET] Automatically upgraded to: 3.1.2
[2025-11-18T08:59:36 CET] Renewing: 'giversen.net'
[2025-11-18T08:59:36 CET] Renewing using Le_API=https://acme.zerossl.com/v2/DV90
[2025-11-18T08:59:36 CET] Using CA: https://acme.zerossl.com/v2/DV90
[2025-11-18T08:59:36 CET] Multi domain='DNS:giversen.net,DNS:.giversen.net'
[2025-11-18T08:59:39 CET] Getting webroot for domain='giversen.net'
[2025-11-18T08:59:40 CET] Getting webroot for domain='.giversen.net'
[2025-11-18T08:59:40 CET] Adding TXT value: tCea1BaT1jwjo99-pGTf_rZPR1C4uIqYexcUJpH6fBg for domain: _acme-challenge.giversen.net
[2025-11-18T08:59:40 CET] Adding record
[2025-11-18T08:59:40 CET] Call to API not sucessfull, see below message for more details
[2025-11-18T08:59:40 CET] An Error Occurred: Internal Server Errorbody { background-color: #fff; color: #222; font: 16px/1.5 -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; margin: 0; }.container { margin: 30px; max-width: 600px; }h1 { color: #dc3545; font-size: 24px; }h2 { font-size: 18px; }

Oops! An Error Occurred

The server returned a "500 Internal Server Error".

Something is broken. Please let us know what you were doing when this error occurred.We will fix it as soon as possible. Sorry for any inconvenience caused.


[2025-11-18T08:59:40 CET] Could not add DNS record
[2025-11-18T08:59:40 CET] Error adding TXT record to domain: _acme-challenge.giversen.net
[2025-11-18T08:59:40 CET] Please check log file for more details: /mnt/ssl-auto/config-home/acme.sh.log
[2025-11-18T08:59:42 CET] Error renewing giversen.net.
[2025-11-18T08:59:42 CET] Renewing: 'giversen.net'
[2025-11-18T08:59:42 CET] Renewing using Le_API=https://acme.zerossl.com/v2/DV90
[2025-11-18T08:59:42 CET] Skipping. Next renewal time is: 2026-01-14T23:32:49Z
[2025-11-18T08:59:42 CET] Add '--force' to force renewal.
[2025-11-18T08:59:42 CET] Skipped giversen.net_ecc
[2025-11-18T08:59:42 CET] ===End cron===

My web server is (include version): not using it for https

The operating system my web server runs on is (include version): Alma linux 9.7

My hosting provider, if applicable, is: selfhosting

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no i am using acme.sh

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): using acme.sh 3.1.2, not certbot

1 Like
2

Your DNS host is returning an error when acme.sh tries to update the TXT record--whether that's a bug in acme.sh, or a problem with the DNS host, is unclear, but the error message points to the DNS host.

2 Likes
3

Well yes that is also what I thought, however on the 17/11 the ECC certificates were update without any issues at all. The dns provider (simply.com) havenā€™t changed anything since yesterday. This set up has been working for years without any issues until today.

4

...at which time your DNS host is returning "internal server error." You say they haven't changed anything; how do you know that?

2 Likes
5

You haven't gotten a Let's Encrypt cert for that domain in almost 4 years. You've been using ZeroSSL certs.

Is there a reason you came here for support? :slight_smile:

And that you don't use LE ?

2 Likes
6

ups I see it now, sorry about that,

2 Likes
7

No worries. We regularly see people here who didn't realize their default CA with acme.sh reverted to ZeroSSL. Usually it's by accident :slight_smile:

Still, I agree with @danb35 that it looks like a problem with your DNS provider.

2 Likes
8

well the DNS provider told me that it was okay in their end. However when I ran the script for 10 min ago it worked as it should. So something has changed in their API since this morning. Anyway its working again, sorry abot the mixup witk LE.

2 Likes
9

Actually, they might have just introduced a breaking change in their API that would require a code update to the plugin your client uses. The founder of the company just submitted a pull request to Posh-ACME's plugin.

4 Likes
10

hmm interesting not sure why but it works for me again.

11

I wouldn't be surprised if they didn't realize they were making a breaking change and decided to temporarily roll it back while they submit change requests to the various libraries and clients that use them.

6 Likes
12

Agree, that is also my conclusion

2 Likes
13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.