Letsencrypt is for some reason unable to reach the challenge token URL

Hi Jurgen,

Thanks for your participation - I completely agree. I don't see anything that should be wrong; I mean, the URL it reports that it cannot visit works fine and the response is correct.

The only difference between this server and the 4 others I have running is that it is located in another public IP subnet AND that it has a Cisco ASA firewall in front; however, the ports (http/80 + https/443) are open and working.

What do you mean by order URL? In my getssl conf I only have the following conf items:

CA="https://acme-v01.api.letsencrypt.org"

#AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"

# Set an email address associated with your account - generally set at account level rather than domain.
#ACCOUNT_EMAIL="me@example.com"
ACCOUNT_KEY_LENGTH=4096
ACCOUNT_KEY="/home/letsencrypt/.getssl/account.key"
PRIVATE_KEY_ALG="rsa"
#REUSE_PRIVATE_KEY="true"

# The command needed to reload apache / nginx or whatever you use
#RELOAD_CMD=""

# The time period within which you want to allow renewal of a certificate
# this prevents hitting some of the rate limits.
RENEW_ALLOW="30"

# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
# will be checked for certificate expiry and also will be checked after
# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
SERVER_TYPE="https"
CHECK_REMOTE="true"

# Use the following 3 variables if you want to validate via DNS
#VALIDATE_VIA_DNS="true"
#DNS_ADD_COMMAND=
#DNS_DEL_COMMAND=