I am also struggling with similar issue, can you please help me what I can check further. Already waster 1hr on this.
Here is more info:
root@ip-172-31-21-163:/etc/letsencrypt# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/xmpp.kaiseapp.in.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for xmpp.kaiseapp.in
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /var/www/html/.well-known/acme-challenge
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/xmpp.kaiseapp.in/fullchain.pem
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/xmpp.kaiseapp.in/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
-------------------------------------------------------------------------------
root@ip-172-31-21-163:/etc/letsencrypt# cd /var/www/html/.well-known/acme-challenge
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge# ls -rlt
total 4
-rw-r--r-- 1 root root 25 Apr 27 2018 test
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge# cd test
-su: cd: test: Not a directory
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge# ls -rlt
total 4
-rw-r--r-- 1 root root 25 Apr 27 2018 test
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge# cat test
this is a challenge test
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge# sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/xmpp.kaiseapp.in.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/xmpp.kaiseapp.in/fullchain.pem (skipped)
No renewals were attempted.
-------------------------------------------------------------------------------
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge# ls -lrt /etc/letsencrypt/renewal/xmpp.kaiseapp.in.conf
-rw-r--r-- 1 root root 531 Oct 25 00:18 /etc/letsencrypt/renewal/xmpp.kaiseapp.in.conf
root@ip-172-31-21-163:/var/www/html/.well-known/acme-challenge# cat /etc/letsencrypt/renewal/xmpp.kaiseapp.in.conf
# renew_before_expiry = 30 days
version = 0.19.0
archive_dir = /etc/letsencrypt/archive/xmpp.kaiseapp.in
cert = /etc/letsencrypt/live/xmpp.kaiseapp.in/cert.pem
privkey = /etc/letsencrypt/live/xmpp.kaiseapp.in/privkey.pem
chain = /etc/letsencrypt/live/xmpp.kaiseapp.in/chain.pem
fullchain = /etc/letsencrypt/live/xmpp.kaiseapp.in/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = webroot
installer = None
account = 5973533445d28126a7de6eed1ea03529
[[webroot_map]]
xmpp.kaiseapp.in = /var/www/html
http://xmpp.kaiseapp.in/.well-known/acme-challenge/test
this is a challenge test