I run Redmine using Bitnami on a Debian server. It's been secured with a Let's Encrypt cert via lego for a long time now. It's using Apache 2.4.43.
It seems some time in the last few weeks the renewal has started failing with some kind of authorization error that I can't decipher.
I run the same commands I usually do:
sudo /opt/bitnami/ctlscript.sh stop
sudo /opt/bitnami/letsencrypt/lego --tls --email="email@example.com" --domains="mydomain.com" --path="/opt/bitnami/letsencrypt" renew
sudo /opt/bitnami/ctlscript.sh start
It produced this output, with some information redacted:
2022/05/04 02:11:26 [INFO] [mydomain.com] acme: Obtaining bundled SAN certificate
2022/05/04 02:11:26 [INFO] [mydomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1000000000
2022/05/04 02:11:26 [INFO] [mydomain.com] acme: use tls-alpn-01 solver
2022/05/04 02:11:26 [INFO] [mydomain.com] acme: Trying to solve TLS-ALPN-01
2022/05/04 02:11:33 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1000000000000
2022/05/04 02:11:33 error: one or more domains had a problem:
[mydomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url
I can find quite a few references to the same error, but none seem to be relevant as far as I can tell. It's also unclear why this just started happening, but it's possible it's to do with some changes at our end.