I moved a gitlab+nginx server using a letsencrypt cert to a non-standard port. When it came time to renew the cert I found that it's not possible to do it that way. I then moved the server back from the non-standard port and reopened the firewall. sudo letsencrypt renew still fails:
Attempting to renew cert (neilger.org) from /etc/letsencrypt/renewal/neilger.org.conf produced an unexpected error: Failed authorization procedure. neilger.org (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://neilger.org:7918/.well-known/acme-challenge/UDxBQDXLFmIovF4OT2glusdHJw0BMhiF-xysB6j2szo: Invalid port in redirect target. Only ports 80 and 443 are supported, not 7918. Skipping.
I can't find where the renewal request is finding the non-standard part, it's not in the server config, which is served normally at 443.
Attempting to debug this has also led to:
Attempting to renew cert (neilger.org) from /etc/letsencrypt/renewal/neilger.org.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt. Skipping.
How can I remove the non-standard port from the request, and how can I reset my request limit?