Renewal suddenly failed for my domain, although the site itself was fully working for months and has previously renewed successfully. I think there’s an issue with the nginx server responding to the validation request with the cert for a subdomain first, but I’m not sure why that would have started happening. I have made changes to the config for that subdomain more recently but all I actually did was make it hard 404, so I can’t see why that would matter.
Additionally, can anyone tell me what the best procedure to test changes to an existing domain to get renewal working again is please? Actually trying to test changes to my setup to fix this has resulted in me getting rate limited. It would be good if error messages from certbot could be improved, preferably including some kind of clear warning about the rate limiting countdown. At the moment there’s no user-friendly information in them, which means if you do what I did (make some educated guesses, make some server changes and try them out by entering the renew command again) you just end up rate limited without warning.
Once I investigated the rate limiting rule (which I only found out existed from the “you have been rate limited” error), I learned Let’s Encrypt also can’t remove it, which makes not warning people about it incredibly inconvenient. My website is now effectively down for the next week because I can’t fix the certificate. When the risk and consequences of an outcome are both so high, it’s nice to warn people before they trip them.
My domain is:
I ran this command:
certbot renew -q
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):