I have LE certs set up on several domains and they are set to auto-renew via an HTTP ACME challenge. This recently stopped working though as it appears an overzealous application firewall somewhere in our organization is blocking HTTP GETs including the /.well-known/acme-challenge/ string on port 80…

Automatically try replacing http with https in ACME challenge?

MikeMcQ April 26, 2022, 7:11pm 2

This sounds like you may have a Palo Alto brand firewall. They recently changed a default setting. See here:

8 Likes

Topic		Replies	Views
Renewal acme-challenge over https Help	6	4859	January 6, 2019
I don't have HTTP, FTP or WebDAV - is authorization via HTTPS possible?	1	2820	April 14, 2016
Renew certificate with a different address Server	8	2439	August 4, 2017
Certbot renew authentication on port 443 instead 80 Help	2	2744	November 11, 2021
Change challenge from http to dns Help	11	8842	April 17, 2021