The domain has been moved from one service provider to another (not the website itself, it is on a thin party host!).
Now we can’t renew the certificate, getting the error message below.
You domains has A and AAAA records (IPv4 and IPv6 addresses) but your site only answers over IPv4.
$ curl -6vIkL http://steco.de
* Rebuilt URL to: http://steco.de/
* Trying 2001:688:4:74::2...
* TCP_NODELAY set
* connect to 2001:688:4:74::2 port 80 failed: Connection timed out
* Failed to connect to steco.de port 80: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to steco.de port 80: Connection timed out
Since a few months ago, Let’s Encrypt prefers IPv6 over IPv4 to validate your domain.
Solution: fix your IPv6 connectivity issues or remove the AAAA records for your domain.