Kemp LoadMaster manual Renewal - unable to communicate with CA

Being a noob to the Let's Encrypt system, I thought I'd give it a go on a Kemp LoadMaster by following this documentation: Progress Documentation

I successfully requested and pulled the cert. Just to test, I was able to renew it once there and then, shortly after the pull. However, when I want to renew the cert manually again, it fails each time with "unable to communicate with CA".

Looking at the logs more closely I see:
2025-03-16T22:30:45+00:00 lb100 Acme: Problem connecting to https://acme-v02.api.letsencrypt.org/acme/new-nonce; return code 28 (code: 3)

I don't see any problems with DNS, and I can't find anything on the return code, so I'm not sure what it means. Why is it failing to renew?

TIA

I tried a few moments ago, and it worked; tried a few moments later, and it has stopped working. The problem seems to be intermittent.

That's most likely some kind of comms problem. Do you have any other diagnostic tools you can run from that device? Is there anything between that Kemp device and the internet (like firewalls, routing gear, and such)?

Do the logs give any further info?

1 Like

No limitations or restrictions, using Google DNS. When I manually try to renew, it's very hit and miss: most times the "CA is unavailable" message appears, sometimes it renews OK.

All we (the community) could really suggest is either a flaky OS, buggy client or a network issue, and your best bet is to contact your vendor (Progress). Code 28 is probably a curl connection timeout.

If using something like curl to query https://acme-v02.api.letsencrypt.org/directory consistently works then generally connectivity is OK, but there could still be a firewall or similar being selective about allowed processes or allowed target IPs etc.

I'd get the certificate on a different system then deploy it to your target device.

3 Likes
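
The curl check suggested above, extended into a repeated probe that reports which connection phase each failure occurs in and against which peer IP. This is an added example, not code from the thread or from Kemp/Progress; the function names are hypothetical, the sample lines are constructed, and reading the failing phase from curl's timers assumes curl leaves unreached phases at 0. Run it from a host on the same network path as the load balancer.

```shell
#!/bin/sh
# Added example (not from the thread): locate the phase of an intermittent curl failure (e.g. exit 28).
ACME_URL="https://acme-v02.api.letsencrypt.org/acme/new-nonce"  # from the log line
# probe_once URL -> "rc=<curl exit> ip=<peer> dns=<s> tcp=<s> tls=<s> total=<s>"
probe_once() {
    out=$(curl -sS -I -o /dev/null --max-time 10 -w \
        'ip=%{remote_ip} dns=%{time_namelookup} tcp=%{time_connect} tls=%{time_appconnect} total=%{time_total}' \
        "$1" 2>/dev/null)
    echo "rc=$? $out"
}

# classify LINE -> ok | dns | tcp-connect | tls-handshake | http-response | other
# Assumption: curl reports 0 for every phase timer it never reached.
classify() {
    echo "$1" | awk '{
        for (i = 1; i <= NF; i++) { split($i, kv, "="); v[kv[1]] = kv[2] }
        rc = v["rc"] + 0
        if (rc == 0) print "ok"
        else if (rc == 6) print "dns"
        else if (rc == 7) print "tcp-connect"
        else if (rc == 35) print "tls-handshake"
        else if (rc != 28) print "other"
        else if (v["dns"] + 0 == 0) print "dns"
        else if (v["tcp"] + 0 == 0) print "tcp-connect"
        else if (v["tls"] + 0 == 0) print "tls-handshake"
        else print "http-response"
    }'
}

# summarize: probe lines on stdin -> "<count> <phase> <peer ip>" per group
summarize() {
    while IFS= read -r line; do
        ip=$(echo "$line" | sed -n 's/.* ip=\([^ ]*\).*/\1/p')
        echo "$(classify "$line") ${ip:-unknown}"
    done | sort | uniq -c | awk '{ print $1, $2, $3 }'
}

# run_probes COUNT INTERVAL_SECONDS: live run against ACME_URL (needs network)
run_probes() {
    i=0
    while [ "$i" -lt "$1" ]; do probe_once "$ACME_URL"; i=$((i + 1)); sleep "$2"; done | summarize
}
# Constructed sample results, not real measurements (192.0.2.0/24 is documentation space)
SAMPLE='rc=0 ip=192.0.2.10 dns=0.012 tcp=0.031 tls=0.095 total=0.140
rc=28 ip=192.0.2.20 dns=0.011 tcp=0.000000 tls=0.000000 total=10.001
rc=28 ip=192.0.2.20 dns=0.013 tcp=0.000000 tls=0.000000 total=10.000
rc=0 ip=192.0.2.10 dns=0.010 tcp=0.029 tls=0.090 total=0.133'
sample_summary() { printf '%s\n' "$SAMPLE" | summarize; }
if [ "${1:-}" = "live" ]; then run_probes 20 30; else sample_summary; fi
```

Invoked with `live` it sends 20 probes 30 seconds apart; failures that cluster on one peer IP or one phase point at a selective firewall or route rather than at the CA.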

You might ask the Kemp Loadmaster community or even their support for ways to diagnose that intermittent error.

1 Like