It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-netcup, Installer None
Requesting a certificate for cloud.ftv-spandau.de
Performing the following challenges:
dns-01 challenge for cloud.ftv-spandau.de
Cleaning up challenges
Running post-hook command: /etc/letsencrypt/renewal-hooks/post/reload_services.sh
Unexpected error determining zone identifier for ftv-spandau.de: Can not get DNS records for zone. Domain not found. (5031)
My web server is (include version):
Apache2 2.4.62-1~deb12u2
The operating system my web server runs on is (include version):
Debian 12.10
My hosting provider, if applicable, is:
Netcup
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 3.3.0
The problem is related to the fact that the main domain and the subdomain are hosted on another server. There the DNS entry for the subdomain cloud.ftv-spandau.de is set up for the IP of the old server. This worked so far, but now the certificate on the old server is expired and cannot be renewed due to this error. Can the certificate be renewed when the Domain is on another server?
No, as I said, the main domain is on another server, where there is a DNS entry to redirect the subdomain back to the old server. The new server is an Ionos Web hosting. We want www and email to run on Ionos and the cloud still on the old server.
I don't understand. For the dns-01 challenge, as you are using currently, it doesn't matter where the host is situated, it only matters where the domain is hosted.
I could run my server from anywhere in the world with any hosting provider, but if the DNS for my domain is e.g. Cloudflare, I can use the certbot-dns-cloudflare DNS plugin for my certificates regardless of the hosting provider hosting my site.
Well, I don't understand either. That's why I am asking. The error message:
Can not get DNS records for zone. Domain not found
is confusing. The domain ftv-spandau.de exists and points to Ionos.
Perhaps so but the full error message is above. The "unexpected error" is the key part here.
You are trying to use the dns-netcup plugin for the DNS Challenge. That challenge needs to add and delete a TXT record in the DNS zone for your domain.
But, your domain's DNS servers are managed by Ionos. Not by Netcup. So, when the Netcup plugin asked Netcup for the domain info it said it didn't have the records (b/c it does not).
Note that none of this has anything to do with the A records in the DNS which point to your servers or mail system. This is purely about the DNS challenge to get your cert.
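The check implied by the reply above, as an added example that is not part of the original thread: before running a certbot dns-* plugin, confirm that the zone's authoritative nameservers belong to the DNS operator that plugin talks to. The function names are hypothetical, and the operator suffix is an assumption you supply from your provider's documentation.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): verify that a zone's authoritative
# nameservers belong to the DNS operator your certbot dns-* plugin uses.

# Normalise NS hostnames read from stdin: lower-case, strip whitespace and
# the trailing root dot, drop blank lines.
normalize_ns() {
    tr 'A-Z' 'a-z' | sed -e 's/[[:space:]]//g' -e 's/\.$//' -e '/^$/d'
}

# ns_managed_by SUFFIX
# Reads NS hostnames on stdin. Returns 0 only if at least one NS was given
# and every NS is SUFFIX itself or a subdomain of it (label-boundary match,
# so "notexample.net" does not count as "example.net").
# Returns 1 on any mismatch, 2 if no NS records were supplied at all.
ns_managed_by() {
    suffix=$(printf '%s\n' "$1" | normalize_ns)
    list=$(normalize_ns)
    [ -n "$list" ] || return 2
    for ns in $list; do
        case "$ns" in
            "$suffix" | *."$suffix") ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Live lookup of the NS set for ZONE (needs network access and dig).
zone_ns() {
    dig +short NS "$1"
}

# Usage: ./check_dns_operator.sh ZONE OPERATOR_NS_SUFFIX
if [ "$#" -eq 2 ]; then
    if zone_ns "$1" | ns_managed_by "$2"; then
        echo "OK: $1 is served only by nameservers under $2"
    else
        echo "MISMATCH: $1 is not served by $2; a plugin for that" \
             "provider cannot create the _acme-challenge TXT record" >&2
        exit 1
    fi
fi
```

A mismatch here corresponds to the "Domain not found" error in the thread: the plugin's API account has no zone to write the TXT record into.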