I’m having trouble with certificate renewal for a small Android tools site (used by script-based utilities like arceusX tools). The site runs on Nginx and uses Certbot for Let’s Encrypt integration.
The first certificate installed fine, but autorenewal fails due to DNS resolution issues. Logs show a timeout during challenge validation — possibly due to nonstandard user agent access or firewall rules.
Anyone else faced similar problems with smaller or app-specific domains? Would switching from HTTP-01 to DNS-01 help in this case?
you aren't using Let's Encrypt certificate at all, but Google Trust Service Certificate from May 7th. (cloudflare requested) do you actually need own certificate here? as It's cloudflare managed you can use Cloudflare origin CA
When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it (and make our life a lot harder). In any case, all the answers to this questionnaire are required:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Also, I've removed the hyperlink to that "arceusX tools" website. From your wording it was just "some example" and not the site you're having issues with and as it was it looked very much like spam.