You are using the --tls option, which instructs acme.sh to use the tls-sni-01 validation method. However, the tls-sni-01 validation method was disabled due to security issues. Although using tls-sni-01 to renew previously existing certificates should be allowed, maybe it does not work in your case (e.g., I see that the --accountconf option specifies a file under /tmp, which probably means that acme.sh generates a new account key every time, and the whitelisting works only when the same account is used to renew the certificate).
You need to migrate to another supported validation method — either http-01 or dns-01.