Issue with certificates on multiple ISPs

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
lediligent.com

I ran this command:

It produced this output:

My web server is (include version):
WordPress
The operating system my web server runs on is (include version):
Ubuntu 20.04 LTS
My hosting provider, if applicable, is:
Scaleway
I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hello,
Here is my issue:
I run a WordPress blog on a virtual machine in Scaleway, which I completely manage.
I configured the Let's Encrypt certificate for www.lediligent.com years ago, as well as autorenew, and it works.

However, I'm using an ISP for the email server and a subsite conseil.lediligent.com.
It's a hosted service, I don't have access to the server, just a cPanel.
Everything worked fine until it switched from ordering certificates to Let's Encrypt.

Now I get the error message:
Unable to renew certificate: Updating challenge for conseil.lediligent.com: acme: error code 403 "urn:ietf:params:acme:error:unauthorized": 109.234.161.86: Invalid response from http://conseil.lediligent.com/.well-known/acme-challenge/Bp4jV42WwLetipI9-NAxm2scorgaLSKtzgfO0O-SdRM: 404 (order URL: https://acme-v02.api.letsencrypt.org/acme/order/60047711/83707586617)

How can I resolve the issue?
Should I generate the SSL certificates on my Scaleway server and somehow import them into the other ISP's cPanel?
Or should I generate them with the cPanel, and how can I avoid the error message?

Thanks

1 Like

I just see an error page there. There's probably some issue with the config of that server.

Is your ISP trying to strongarm you into buying a TLS certificate from them?

1 Like

A1: That will depend on the amount of access you have to the server
A2: They are two different IPs - going that route would overcomplicate the cert process.
A3: If that is an available option then take it.
A4: See A1 and which message you are referring to (I see two: 403 and 404)

2 Likes

Thank you for your help!

In the end, the issue was with the hoster, which at some point switched my server without informing me, and the wrong IP address in the DNS.

All is well now.

2 Likes
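
The resolution above (a DNS record pointing at the wrong IP address) can be read straight off the error quoted in the question, because Let's Encrypt reports the address it actually connected to. The following is an added example, not part of the original thread: it parses that error text and compares the validated address with the address the site owner expects. The function names and the expected address `203.0.113.10` are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

# Shape of the detail text for a failed HTTP-01 validation, as quoted in the question.
DETAIL_RE = re.compile(
    r'"(?P<type>urn:ietf:params:acme:error:[A-Za-z]+)":\s*'
    r'(?P<ip>[0-9A-Fa-f:.]+):\s*Invalid response from\s+'
    r'(?P<url>https?://(?P<host>[^/\s:]+)\S*?):\s*(?P<status>\d{3})\b'
)

# Error message taken from the question on this page.
SAMPLE = (
    'Unable to renew certificate: Updating challenge for conseil.lediligent.com: '
    'acme: error code 403 "urn:ietf:params:acme:error:unauthorized": '
    '109.234.161.86: Invalid response from '
    'http://conseil.lediligent.com/.well-known/acme-challenge/'
    'Bp4jV42WwLetipI9-NAxm2scorgaLSKtzgfO0O-SdRM: 404 '
    '(order URL: https://acme-v02.api.letsencrypt.org/acme/order/60047711/83707586617)'
)

def parse_acme_detail(message):
    """Extract error type, validated IP, host, URL and HTTP status."""
    m = DETAIL_RE.search(message)
    if m is None:
        raise ValueError("not an HTTP-01 'Invalid response' error")
    return {
        "type": m["type"].rsplit(":", 1)[-1],
        "validated_ip": ip_address(m["ip"]),  # address the CA connected to
        "host": m["host"],
        "url": m["url"],
        "status": int(m["status"]),           # status served by that address
    }

def diagnose(message, expected_ips):
    """Classify the failure given the IPs the host is supposed to resolve to."""
    info = parse_acme_detail(message)
    expected = {ip_address(ip) for ip in expected_ips}
    if info["validated_ip"] not in expected:
        # The CA followed DNS to a machine that is not the current server.
        return "dns-mismatch"
    if info["status"] == 404:
        # Right machine, but the challenge file is not served at that path.
        return "challenge-not-served"
    return "other"

if __name__ == "__main__":
    # 203.0.113.10 is a constructed placeholder for the server's real address.
    print(diagnose(SAMPLE, ["203.0.113.10"]))
```

A `dns-mismatch` verdict means the A/AAAA record needs correcting before any renewal attempt; `challenge-not-served` points at the web server or control panel configuration instead.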
