Certbot hangs on auto and manual renewal, but never errors out

My domain is: casestry.com

I ran this command: certbot renew --dry-run --verbose

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/casestry.com.conf


Certificate is due for renewal, auto-renewing...

My web server is (include version): nginx/1.26.3

The operating system my web server runs on is (include version): Alma Linux 9.5 (Linux 5.14.0-503.23.2.el9_5.x86_64)

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site: No, I have direct root access.

The version of my client is: certbot 3.2.0

I've tried multiple times, sometimes waiting more than 10 minutes, and it never errors out, and just hangs. Manual/auto-renewal prior to this (most recent was in December 2024) was working perfectly for years. The LetsEncrypt log shows:

2025-03-04 01:11:53,258:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2025-03-04 01:11:53,421:DEBUG:certbot._internal.main:certbot version: 3.2.0
2025-03-04 01:11:53,421:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/4412/bin/certbot
2025-03-04 01:11:53,421:DEBUG:certbot._internal.main:Arguments: ['--dry-run', '--verbose', '--preconfigured-renewal']
2025-03-04 01:11:53,421:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-03-04 01:11:53,435:DEBUG:certbot._internal.log:Root logging level set at 20
2025-03-04 01:11:53,437:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/casestry.com.conf
2025-03-04 01:11:53,438:DEBUG:certbot.configuration:Var server=https://acme-staging-v02.api.letsencrypt.org/directory (set by user).
2025-03-04 01:11:53,438:DEBUG:certbot.configuration:Var account=None (set by user).
2025-03-04 01:11:53,438:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2025-03-04 01:11:53,438:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2025-03-04 01:11:53,451:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): e5.o.lencr.org:80
2025-03-04 01:11:53,459:DEBUG:urllib3.connectionpool:http://e5.o.lencr.org:80 "POST / HTTP/1.1" 200 346
2025-03-04 01:11:53,459:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/casestry.com/cert3.pem is signed by the certificate's issuer.
2025-03-04 01:11:53,461:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/casestry.com/cert3.pem is: OCSPCertStatus.GOOD
2025-03-04 01:11:53,464:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2025-03-23 07:04:46 UTC.
2025-03-04 01:11:53,464:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2025-03-04 01:11:53,465:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2025-03-04 01:12:34,568:ERROR:certbot._internal.log:Exiting due to user request.

Any help is much appreciated, as I am at my wit's end with this issue. Thank you!

Sounds similar to "Renewal hangs, never times out", so perhaps the same type of problem.

1 Like

May be worth raising a certbot issue on GitHub.

2 Likes

@webprofusion It is in fact identical to that problem, but that user somehow resolved it manually, whereas I am at a complete loss as to how to get a new certificate.

I will post on GitHub as well to see if I can get any help there too.

OK, I figured it out. It seems that ssl_stapling was causing issues for certbot. Once I commented out the following lines in my nginx.conf, I was able to renew my cert:

ssl_stapling on;
ssl_stapling_verify on;

Not sure if it's a bug from certbot's end, but it seems it has issues with ssl_stapling? In any case, hopefully this helps someone with the same/similar issues.

3 Likes
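
A triage sketch for the symptom and workaround described in this thread, added as an example (not code from the thread or from certbot): it finds where the debug log went silent and lists uncommented stapling directives in an nginx config. The sample log is the last three lines quoted above, the nginx fragment is constructed, and the function names and 30-second threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the last three log lines quoted in the thread.
SAMPLE_LOG = """\
2025-03-04 01:11:53,464:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2025-03-04 01:11:53,465:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2025-03-04 01:12:34,568:ERROR:certbot._internal.log:Exiting due to user request.
"""

# Constructed nginx fragment (hypothetical server block).
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    ssl_stapling on;
    # ssl_stapling_verify on;
    ssl_stapling_verify on;
}
"""

# Layout of a certbot debug-log entry: "date time,ms:LEVEL:logger:message"
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}):(\w+):([\w.]+):(.*)$")
# Matches only lines that start with the directive, so "# ssl_stapling on;" is ignored.
STAPLING = re.compile(r"^\s*(ssl_stapling(?:_verify)?)\s+on\s*;")

def find_stalls(log_text, threshold_s=30.0):
    """Return (gap_seconds, logger, message) for every entry followed by
    more than threshold_s of silence, i.e. the step that was running."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:  # tracebacks and other continuation lines are skipped
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            entries.append((ts, m.group(3), m.group(4)))
    stalls = []
    for (t0, logger, msg), (t1, _, _) in zip(entries, entries[1:]):
        gap = (t1 - t0).total_seconds()
        if gap > threshold_s:
            stalls.append((gap, logger, msg))
    return stalls

def active_stapling(conf_text):
    """Return (line_number, directive) for uncommented stapling directives set to on."""
    lines = enumerate(conf_text.splitlines(), 1)
    return [(n, m.group(1)) for n, line in lines if (m := STAPLING.match(line))]
```

On a live system the inputs would be /var/log/letsencrypt/letsencrypt.log and the output of `nginx -T`, which prints the full configuration including included files.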