This may be completely unrelated...
But I found it to be a very strange response:
curl -6 mail.mididoc.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://mail.mididoc.com:8080">here</a>.</p>
<hr>
<address>Apache/2.4.38 (Debian) Server at mail.mididoc.com Port 80</address>
</body></html>
Whereas, IPv4, nor HTTP responded at all; and port 8080 seems to be closed to all access.
i found the reason.
In fact it was a firefox problem.
the certificate database was not updated, ("cert8.db")
don't know the reason.
may be to late connection to update, who knows ...
anyway, since the database is uptodate now, everything is working as it should.
so the issue can be closed now as resolved.
cheers mike
Ps.
To answer the questions:
Yes we have apache for the sites,
but the ssl is only for webmin.
also webmin access is limited to our ip for security reasons.
@mike1950r Check to see what your certificate chain is. Your ACME client may have installed a chain going directly to "ISRG Root X1" on the last renewals, and not the (soon to be expired) cross signed intermediates by "IdenTrust DST Root X3".
Wow, that's odd. The "DST Root" is quite old and in virtually all operating systems and browsers; the "ISRG Root" didn't start getting included into Firefox's trust store until about 4 years ago. Perhaps firefox was corrupted somehow and the certificate database needed to be rebuilt?
i confirm certificate database needed to be rebuilt.
i deleted the cert8.db
started firefox, wanted to enter my ssl site
got error message about the certificate
inserted the exception rule
now entered my ssl site
exit my site
removed the exception
and from then on my ssl site was accepted as secure