Could not renew Let's Encrypt certificates

The certificate on my domain was approaching renewal time and an update was attempted. I received a failure email containing the following:

Could not renew Lets Encrypt certificates for Cxxxxxxx (login xxxxxxxx). Please log in to Plesk and renew the certificates listed below manually. Renewal of the following Lets Encrypt certificates has failed:

** 'Lets Encrypt quizbuzzers.co.uk' [days to expire: 26] **
[-] *.quizbuzzers.co.uk
[-] quizbuzzers.co.uk

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/254741965156.
Details:
Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: 103.108.220.115: Fetching http://quizbuzzers.co.uk/.well-known/acme-challenge/nn7LGMSUEQoFwTXENviDc0GI-lL6Tn7wRDcrqMQeV8Y: Timeout after connect (your server may be slow or overloaded)

I have tried renewing manually, and have removed the certificate and tried issuing a new one, but the same error happens.

Please advise how I can fix this.

When I try browsing that url with my browser I get the same error. Do you have any weird firewalls that allow requests but refuse to send back the response?

No firewalls or anything as far as I know. Other domains pointing to the same place work

Your entire website is down over HTTP (try surfing to http://quizbuzzers.co.uk/), so it's not a Let's Encrypt/ACME issue, but a generic issue with your (web)server.

No clue how to fix that though, this is probably not the right forum for such generic (web)server questions. Once your site works again using HTTP, then your certificate renewal should work again too.

2 Likes

Something seems broken with not only your site but also how you are requesting certs.

In the past you got wildcard certs. And, in your first post you show *.quizbuzzers.co.uk

Wildcard certs require a DNS Challenge. But the above error is only issued for an HTTP Challenge which is not valid for a wildcard.

Right now requests to that domain return a non-wildcard cert for coral.herosite.pro. Not sure why it would do that but hopefully this is a helpful clue for you to figure out what is wrong.

openssl s_client -connect quizbuzzers.co.uk:443

subject=CN = coral.herosite.pro
issuer=C = US, O = Let's Encrypt, CN = R3
notBefore=Jun 28 02:25:53 2023 GMT
notAfter=Sep 26 02:25:52 2023 GMT

4 Likes
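The mismatch pointed out in the post above (a wildcard name in the request, but an error that can only come from an HTTP challenge) can be checked mechanically from the failure report. This is an added example, not part of the original thread or of Plesk; the function names are hypothetical and the report text is copied from the first post.

```python
import re

# Failure report lines copied from the first post of this thread.
REPORT = """\
[-] *.quizbuzzers.co.uk
[-] quizbuzzers.co.uk
Type: urn:ietf:params:acme:error:connection
Status: 400
Detail: 103.108.220.115: Fetching http://quizbuzzers.co.uk/.well-known/acme-challenge/nn7LGMSUEQoFwTXENviDc0GI-lL6Tn7wRDcrqMQeV8Y: Timeout after connect (your server may be slow or overloaded)
"""

def parse_report(text):
    """Extract requested names, ACME error type and the challenge type implied by the detail."""
    names = re.findall(r"^\[-\]\s+(\S+)", text, re.M)
    err = re.search(r"^Type:\s*(\S+)", text, re.M)
    det = re.search(r"^Detail:\s*(.*)$", text, re.M)
    detail = det.group(1) if det else ""
    # An HTTP-01 validation fetches /.well-known/acme-challenge/<token> from the host.
    fetch = re.search(r"Fetching https?://([^/\s:]+)/\.well-known/acme-challenge/", detail)
    if fetch:
        challenge, host = "http-01", fetch.group(1)
    elif "_acme-challenge." in detail:
        # A DNS-01 validation looks up a TXT record under _acme-challenge.<name>.
        challenge, host = "dns-01", None
    else:
        challenge, host = None, None
    return {"names": names, "error": err.group(1) if err else None,
            "challenge": challenge, "host": host}

def findings(text):
    """Return the inconsistencies a reviewer would flag in the report."""
    r = parse_report(text)
    out = []
    wildcards = [n for n in r["names"] if n.startswith("*.")]
    if wildcards and r["challenge"] == "http-01":
        # Let's Encrypt only validates wildcard names with the DNS-01 challenge.
        out.append("wildcard-needs-dns-01: " + ", ".join(wildcards))
    if r["challenge"] == "http-01" and r["error"] == "urn:ietf:params:acme:error:connection":
        # The CA could not complete the plain-HTTP fetch from the validation target.
        out.append("http-unreachable: check port 80 on " + r["host"])
    return out

if __name__ == "__main__":
    for line in findings(REPORT):
        print(line)
```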

That is odd.
Looks something like "fail2ban" is running in line.

2 Likes

To try to fix the problem I removed the existing certificate and tried to re-issue a new one, but this fails with the same error. It had been working fine up to that point, as are several other domains I also host. I have not changed anything.

Looks like you got a fresh cert so looks like you fixed your problem.

It isn't a wildcard cert like before but it looks fine to me

3 Likes

That is usually a step in the wrong direction.
It doesn't help to delete something that is good in order to attempt to get an equal one.
At best, you will be right where you started - with a good cert.
At worst, you will be left without a cert.

3 Likes

MikeMcQ - yes, somehow I ended up with a working certificate. I have since re-issued another with wildcard and webmail access and it worked. Go figure!

2 Likes

This link solved my problem. I found out that I had accidentally switched name servers.
Thanks

1 Like
