Certificat renewal failure during secondary validation: Remote PerformValidation RPC failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: izlem.duranonline.net

I ran this command: sudo certbot certonly --dry-run -d izlem.duranonline.net

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?

1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator nginx, Installer None
Cert is due for renewal, auto-renewing...
Simulating renewal of an existing certificate for izlem.duranonline.net
Performing the following challenges:
http-01 challenge for izlem.duranonline.net
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification...
Challenge failed for domain izlem.duranonline.net
http-01 challenge for izlem.duranonline.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: izlem.duranonline.net
  Type: serverInternal
  Detail: During secondary validation: Remote PerformValidation RPC
  failed

  Unfortunately, an error on the ACME server prevented you from
  completing authorization. Please try again later.

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): debian 11 bullseye

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.12.0

I think Let's Encrypt is probably having issues right now. I'd give it some time for the staff to respond and provide an update. Or maybe the problem will subside on its own.

I have 2 servers due for renewal today, and I'm having the same issue, so I think there's an ongoing issue with letsencrypt.

Regardless of this issue, you shouldn't have “servers due for renewal today”, as it is strongly recommended to do the renewal 30 days before the certificate expiration.

Yes, the "due" term is for the task; it doesn't mean or stated that it will expire today.

Then you should have several weeks to get that task completed
LE recommends "checking" twice a day.

all working good now thanks.

Yes, I also confirm that the problem is now solved.

Thanks @JamesLE for the super useful link!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.