GitLab renewal issue

The IP of my domain is: 67.22.97.31
LE is resolving my domain to an old address: 67.22.96.146

My domain is: gitlab.aimphotonics.com

I ran this command: gitlab-ctl reconfigure

It produced this output:

[2025-10-28T15:25:45+00:00] ERROR: Running exception handlers
[2025-10-28T15:25:45+00:00] ERROR: Exception handlers complete
[2025-10-28T15:25:45+00:00] FATAL: Stacktrace dumped to /opt/gitlab/embedded/cookbooks/cache/cinc-stacktrace.out
[2025-10-28T15:25:45+00:00] FATAL: ---------------------------------------------------------------------------------------
[2025-10-28T15:25:45+00:00] FATAL: PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT
[2025-10-28T15:25:45+00:00] FATAL: ---------------------------------------------------------------------------------------
[2025-10-28T15:25:45+00:00] FATAL: RuntimeError: letsencrypt_certificate[gitlab.aimphotonics.com] (letsencrypt::http_authorization line 6) had an error: RuntimeError: acme_certificate[staging] (letsencrypt::http_authorization line 43) had an error: RuntimeError: ruby_block[create certificate for gitlab.aimphotonics.com] (letsencrypt::http_authorization line 110) had an error: RuntimeError: [gitlab.aimphotonics.com] Validation failed, unable to request certificate, Errors: [{url: https://acme-staging-v02.api.letsencrypt.org/acme/chall/238349543/19939886113/zydBkA, status: invalid, error: {"type"=>"urn:ietf:params:acme:error:connection", "detail"=>"67.22.96.146: Fetching http://gitlab.aimphotonics.com/.well-known/acme-challenge/2il1HiCwTcPM__yKMYUBuoiVlkEZLHnmNWLa2o_YtU4: Timeout during connect (likely firewall problem)", "status"=>400}} ]

My web server is (include version):
root@gitlab:/var/log/gitlab/lets-encrypt# /opt/gitlab/embedded/sbin/nginx -version
nginx version: nginx/1.29.0
root@gitlab:/var/log/gitlab/lets-encrypt#

The operating system my web server runs on is (include version):
root@gitlab:/var/log/gitlab/lets-encrypt# uname -a
Linux gitlab.aimphotonics.com 5.15.0-161-generic #171-Ubuntu SMP Sat Oct 11 08:17:01 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
root@gitlab:/var/log/gitlab/lets-encrypt#

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
root@gitlab:/var/log/gitlab/lets-encrypt# certbot --version
certbot 5.1.0

When you ran that cert request had you just made the DNS change for the new IP?

Because I see the old IP in the Let's Encrypt staging system error message you posted. But, a current test using https://letsdebug.net shows the new IP. Other DNS tools all show the new IP too.

I am wondering if your DNS change just took a bit to synchronize across all your authoritative DNS servers.

Does this problem still occur?

3 Likes

DNS was changed last week, and had a TTL of 600

I just noticed the date. That was before you made the DNS change for the new IP. Right?

3 Likes

You know what....... You're right.

I'm going to go cut some eye-holes out of a brown paper bag.

Close ticket.

4 Likes
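The check that resolved this thread, as an added example that is not part of any post and not GitLab or Let's Encrypt code: it reads the timestamp and the address the validator connected to out of an ACME connection error and compares them with the expected address and the time of the DNS change. The function name, the verdict labels, the shortened sample line and the `DNS_CHANGED_AT` value are assumptions made for illustration; the thread only says the change was made "last week".

```python
import re
from datetime import datetime, timezone

# Constructed sample: a shortened form of the FATAL line quoted in the thread
# (challenge token replaced with TOKEN).
SAMPLE_LINE = (
    '[2025-10-28T15:25:45+00:00] FATAL: RuntimeError: [gitlab.aimphotonics.com] '
    'Validation failed, unable to request certificate, Errors: [{status: invalid, '
    'error: {"type"=>"urn:ietf:params:acme:error:connection", '
    '"detail"=>"67.22.96.146: Fetching http://gitlab.aimphotonics.com/.well-known/'
    'acme-challenge/TOKEN: Timeout during connect (likely firewall problem)", '
    '"status"=>400}}]'
)

# Constructed value: the thread does not give the exact time of the DNS change.
DNS_CHANGED_AT = datetime(2025, 11, 3, tzinfo=timezone.utc)

# Log timestamp, ACME error type, address the validator used, URL it fetched.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\].*?"type"=>"(?P<type>[^"]+)".*?'
    r'"detail"=>"(?P<ip>[0-9a-fA-F.:]+): Fetching (?P<url>\S+): '
)


def triage(line, expected_ip, dns_changed_at):
    """Classify an ACME HTTP-01 connection failure from a reconfigure log line."""
    m = LINE_RE.search(line)
    if m is None:
        return None  # not an ACME error line in the expected shape
    logged_at = datetime.fromisoformat(m["ts"])
    validated_ip = m["ip"]
    if validated_ip == expected_ip:
        # Validator reached the right address: look at firewall / port 80.
        verdict = "reachability"
    elif logged_at < dns_changed_at:
        # Failure predates the DNS change: the log is old, re-run the request.
        verdict = "stale-log"
    else:
        # Failure is recent but the address is wrong: check every
        # authoritative name server for the old record.
        verdict = "dns-mismatch"
    return {"logged_at": logged_at, "validated_ip": validated_ip,
            "url": m["url"], "error_type": m["type"], "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_LINE, "67.22.97.31", DNS_CHANGED_AT))
```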