Renew failure with certbot or letsencrypt-auto

That is OK for HTTP-01 authentication if there is also an HTTPS listener, because Boulder is willing to follow redirections even cross-protocol. Well, I guess it won't follow them to gopher://, but it will follow them to https://.

Cause:

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/dev.stephane-huc.net.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
Attempting to renew cert from /etc/letsencrypt/renewal/dev.stephane-huc.net.conf produced an unexpected error: None of the preferred challenges are supported by the selected plugin. Skipping.
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/dev.stephane-huc.net/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)

Aaaah!
So what I perceived to be “working” was all just over IPv4.
And since IPv6 is on and preferred, but fails… all bets are off.
I need to get a good IPv6 checker system.

OK, I'll wait a few hours.
I commented out my IPv6 DNS records.
I will retry once DNS replication is done (without IPv6).

Ok!

Congratulations

Certs renewed!
thanks :smiley:
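
The renewal in this thread failed because an IPv6 record was published but did not work, while IPv4 did. The per-family check wished for above can be sketched as follows. This is an added example, not code from the thread or from certbot. The function names and the injectable `resolve`/`connect` parameters are assumptions of the example, and the addresses in the demo are constructed from documentation ranges.

```python
import socket

FAMILIES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def check_families(host, port=80, resolve=socket.getaddrinfo,
                   connect=socket.create_connection, timeout=5):
    """Try a TCP connect to every A and AAAA address published for host.

    resolve/connect are injectable (an assumption of this example) so the
    check can be exercised offline with constructed data.
    """
    report = {"IPv4": [], "IPv6": []}
    seen = set()
    for family, _, _, _, sockaddr in resolve(host, port, type=socket.SOCK_STREAM):
        addr = sockaddr[0]
        if family not in FAMILIES or addr in seen:
            continue
        seen.add(addr)
        try:
            connect((addr, port), timeout=timeout).close()
            report[FAMILIES[family]].append((addr, True, ""))
        except OSError as exc:
            report[FAMILIES[family]].append((addr, False, str(exc)))
    return report

def verdict(report):
    """A published address that does not answer fails the check, even if the other family works."""
    broken = [f"{fam} {addr} ({err})" for fam, rows in report.items()
              for addr, ok, err in rows if not ok]
    if broken:
        return "FAIL: published but unreachable: " + "; ".join(broken)
    if not report["IPv4"] and not report["IPv6"]:
        return "FAIL: no A or AAAA records"
    return "OK: every published address accepts connections"

if __name__ == "__main__":
    # Constructed data: an AAAA record exists but nothing listens on it.
    def fake_resolve(host, port, type=0):
        return [(socket.AF_INET6, type, 6, "", ("2001:db8::10", port, 0, 0)),
                (socket.AF_INET, type, 6, "", ("192.0.2.10", port))]
    def fake_connect(address, timeout=None):
        if ":" in address[0]:
            raise ConnectionRefusedError("connection refused")
        return socket.socket()  # unconnected socket, only closed by the caller
    print(verdict(check_families("example.test", resolve=fake_resolve,
                                 connect=fake_connect)))
```

Called with the defaults, `check_families("your.domain")` uses the real resolver and real connections to port 80, the port HTTP-01 validation starts on.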
