Though using the Traefik tool, I believe this may be a LetsEncrypt cacheing issue?
I have had Traefik v1.7 that uses the acme LetsEncrypt renewal engine running for years (thank you!). My traefik.toml file contained these lines:
[[acme.domains]]
main = "openprivacy.org"
- sans = ["www.openprivacy.org", "openprivacy.net", "www.openprivacy.net", "reputation.org", "www.reputation.org"]
I am preparing to sell reputation.org so I have removed its IP and changed the 'sans' line above to:
- sans = ["www.openprivacy.org", "openprivacy.net", "www.openprivacy.net"]
I rebuilt the containers but the certs are not renewing and LE is complaining (see initial post). Do I just have to wait for some time period for this to update? This is a bit of an emergency as the certs expire Jan 11 (and I just found this notice from Dec 31 buried in my email).
I can't say with certainty how Traefik "works" but based on the error message shown.
It doesn't seem to be reading that updated file.
Perhaps it is just trying to renew the existing cert (and all the names on it).
If so, then you need to instruct it to get a new cert with less names on it.
It was pilot error and was indeed related to Traefik. I still had website aliases for reputation.org and other removed domains that Traefik was picking up, passing to LE and LE was saying (correctly!) there's no IP for that domain.
Once I removed those httpd site aliases and restarted everything, LE (and everything else) all started working again (I have my new certificates - whew!).