Certificate expired? what

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
http://observebreathe.com

I got an email saying my certificate is expired? Now my site isn't working properly.. can anyone help please?

All the answers to this questionnaire are required. Please answer all the questions to the best of your knowledge. "I don't know" is also a valid answer.


I ran this command/pushed this or that button (for your initial certificate issuance or attempt to renew it):

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


By the way, your site has been getting certificates every 2 months, as it should, for more than 3 years now (crt.sh | observebreathe.com). So apparently something has changed that has broken the automated renewal. Question is: what? We'll need the extra info from the questionnaire to begin answering that question.

4 Likes

We won't be able to say anything specific without the info from the form Osiris posted.

But, just guessing that your DNS config was changed since Sept. Your cert is a wildcard which requires a DNS Challenge.

Your DNS has several problems with delegation and glue records. You should fix those anyway and review your DNS Challenge technique to ensure it works with your new DNS config.

See the Warnings section at: observebreathe.com | DNSViz

In your case these are more than Warnings.

3 Likes

I agree that it's better to fix these DNSViz issues, but UnboundTest does currently succeed:

https://unboundtest.com/m/TXT/_acme-challenge.observebreathe.com./XLJQCAGX

That said, the fact there is a single TXT RR lingering around means that most likely some automated system isn't working properly (any longer), as usually automated challenge plugins/clients will remove the TXT RR again after the authorization attempt. Perhaps this TXT RR is left there after a manual attempt :man_shrugging:t2:

1 Like

Yes, but there are two DNS systems described in the tree. My guess is their DNS Challenge is updating the "wrong one" now.

As you note, the TXT record unboundtest sees is not conclusive.

If they explained more about their system we wouldn't have to guess :slight_smile:

3 Likes

Well, not really in the "tree" from the root, only DO then. Only when you query the DO NS for the NS of the zone itself will you get those other ones. But that's usually not done, I think. There's no mention of the ns{1,2}.observebreathe.com nameservers in the UnboundTest log.

Both NS currently sport the same TXT value though.

Not sure why these ns1.observebreathe.com. and ns2.observebreathe.com. are configured to begin with...

2 Likes
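The two failure modes discussed in the posts above (a zone whose own NS set differs from what the parent delegates, and a challenge TXT record that lingers after the authorization) can be checked mechanically once the answers have been collected. The script below is an added example, not code from any poster, Certbot or Let's Encrypt; the nameserver names and token value in the sample data are constructed, and the live data it expects comes from `dig` queries you run separately.

```python
# Added example: assess a dns-01 setup from NS/TXT answers gathered beforehand
# with dig (parent view: `dig +short NS <zone> @<tld-server>`; zone view:
# `dig +short NS <zone> @<ns>`; per server: `dig +short TXT _acme-challenge.<zone> @<ns>`).
# All sample data below is constructed for illustration, not measured.

def check_dns01_delegation(parent_ns, apex_ns, txt_by_ns, validation_in_progress=False):
    """Return a sorted list of finding codes.

    parent_ns: NS names the parent (TLD) zone delegates to.
    apex_ns:   NS names the zone's own servers return for the apex.
    txt_by_ns: {nameserver: set of _acme-challenge TXT values it answers}.
    """
    parent_ns, apex_ns = set(parent_ns), set(apex_ns)
    findings = set()

    # 1. Delegation and apex NS sets should agree; servers listed only at the
    #    apex are ones a client may update but validators never consult.
    if apex_ns - parent_ns:
        findings.add("ns-extra-at-apex")
    if parent_ns - apex_ns:
        findings.add("ns-missing-at-apex")

    # 2. A TXT still published outside an active validation is stale: working
    #    clients remove it after the authorization attempt.
    published = {ns for ns, vals in txt_by_ns.items() if vals}
    if published and not validation_in_progress:
        findings.add("stale-acme-txt")

    # 3. Validators resolve through the parent delegation; a token visible only
    #    on servers outside that set is invisible to the CA.
    if published and not (published & parent_ns):
        findings.add("txt-only-on-undelegated-ns")

    # 4. Servers answering different TXT sets indicate two DNS systems with
    #    only one of them being updated.
    if len({frozenset(v) for v in txt_by_ns.values()}) > 1:
        findings.add("txt-divergence")

    return sorted(findings)


# Constructed scenario resembling the thread: the parent delegates to a hosted
# provider, the zone also lists ns1/ns2.<zone>, and one old token lingers everywhere.
PARENT_NS = {"ns1.hosted-dns.example.", "ns2.hosted-dns.example."}
APEX_NS = PARENT_NS | {"ns1.observebreathe.com.", "ns2.observebreathe.com."}
TXT_SEEN = {ns: {"oldtoken-constructed"} for ns in APEX_NS}

if __name__ == "__main__":
    for code in check_dns01_delegation(PARENT_NS, APEX_NS, TXT_SEEN):
        print(code)
```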

Hello @Observebreathe,

I believe you have some Geo Blocking happening for HTTPS on Port 443
As seen here, Permanent link to this check report, several places around the world are getting "Connection timed out".

Let's Encrypt uses Multi-Perspective Validation Improves Domain Validation Security - Let's Encrypt
These happen from multiple Geos around the world and can change at anytime.

Please also read these:

Edit:

I forgot to mention there is a redirect from HTTP Port 80 to HTTPS Port 443 happening, which is fine; but the redirection also must not be blocked.

curl
$ curl -Ii http://observebreathe.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 08 Dec 2024 18:33:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://observebreathe.com/.well-known/acme-challenge/sometestfile

2 Likes

@Bruce5051 Please note that OP has a wildcard certificate and thus must be using the dns-01 challenge.

3 Likes

Thanks Osiris! :slight_smile:

Sorry, my bad! :frowning:

3 Likes

Hey to be honest, I have no idea what any of this means.
My domain is observebreathe.com

I'm hosted with DigitalOcean for DNS?

My web server is macOS 10.15.
Version 128.0.6613.138 (Official Build) (x86_64)

My control panel is wordpress

And I have no idea what a certbot is...

Welcome to the Let's Encrypt Community! :slightly_smiling_face:

How have you been acquiring your certificates?

4 Likes

I had tech friends help me set this all up years ago. Now I'm left on my own and I have no idea what any of this means.

Did something about your technical setup change recently? Looks like your DNS provider changed in some way, perhaps, according to @MikeMcQ's findings above. Maybe you changed domain name registrars and/or DNS providers or a related service?

3 Likes

I have no idea. I had a friend managing this and then they kind of bailed on me. I don't remember changing anything. I have DigitalOcean, but I don't remember changing anything.

1 Like