Here is the detail from the log at /var/log/letsencrypt/letsencrypt.log:
2024-09-03 01:18:17,501:DEBUG:certbot._internal.main:certbot version: 2.9.0
2024-09-03 01:18:17,502:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/certbot
2024-09-03 01:18:17,502:DEBUG:certbot._internal.main:Arguments: ['--dns-cloudflare', '--dns-cloudflare-credentials', '/etc/letsencrypt/cloudflare.ini']
2024-09-03 01:18:17,502:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#dns-cloudflare,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-09-03 01:18:17,513:DEBUG:certbot._internal.log:Root logging level set at 30
2024-09-03 01:18:17,515:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/ftp.limeintel.com.conf
2024-09-03 01:18:17,517:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-cloudflare and installer None
2024-09-03 01:18:17,517:DEBUG:certbot.configuration:Var dns_cloudflare_credentials=/etc/letsencrypt/cloudflare.ini (set by user).
2024-09-03 01:18:17,544:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): e5.o.lencr.org:80
2024-09-03 01:18:17,563:DEBUG:urllib3.connectionpool:http://e5.o.lencr.org:80 "POST / HTTP/1.1" 200 345
2024-09-03 01:18:17,564:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/ftp.limeintel.com/cert4.pem is signed by the certificate's issuer.
2024-09-03 01:18:17,568:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/ftp.limeintel.com/cert4.pem is: OCSPCertStatus.GOOD
2024-09-03 01:18:17,573:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2024-09-19 10:40:09 UTC.
2024-09-03 01:18:17,573:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2024-09-03 01:18:17,573:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-cloudflare and installer None
2024-09-03 01:18:17,573:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-cloudflare
Description: Obtain certificates using a DNS TXT record (if you are using Cloudflare for DNS).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='dns-cloudflare', value='certbot_dns_cloudflare._internal.dns_cloudflare:Authenticator', group='certbot.plugins')
Initialized: <certbot_dns_cloudflare._internal.dns_cloudflare.Authenticator object at 0x7f737f120b20>
Prep: True
2024-09-03 01:18:17,574:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_cloudflare._internal.dns_cloudflare.Authenticator object at 0x7f737f120b20> and installer None
2024-09-03 01:18:17,574:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-cloudflare, Installer None
2024-09-03 01:18:17,626:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1460522496', new_authzr_uri=None, terms_of_service=None), f375920bcf1b59b39f591ab5de5f2e37, Meta(creation_dt=datetime.datetime(2023, 12, 12, 7, 45, 24, tzinfo=), creation_host='sftp-limeintel-com.australia-southeast1-a.c.production-limeintel-com.internal', register_to_eff=None))>
2024-09-03 01:18:17,627:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-09-03 01:18:17,628:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-09-03 01:18:17,994:ERROR:certbot._internal.renewal:Failed to renew certificate ftp.limeintel.com with error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
2024-09-03 01:18:17,998:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 700, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 383, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1015, in validate_conn
conn.connect()
File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 411, in connect
self.sock = ssl_wrap_socket(
File "/usr/lib/python3.9/site-packages/urllib3/util/ssl.py", line 449, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(
File "/usr/lib/python3.9/site-packages/urllib3/util/ssl.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.9/ssl.py", line 501, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib64/python3.9/ssl.py", line 1074, in _create
self.do_handshake()
File "/usr/lib64/python3.9/ssl.py", line 1343, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 756, in urlopen
retries = retries.increment(
File "/usr/lib/python3.9/site-packages/urllib3/util/retry.py", line 574, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1548, in renew_cert
le_client = _init_le_client(config, auth, installer)
File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 838, in _init_le_client
return client.Client(config, acc, authenticator, installer, acme=acme)
File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 297, in init
acme = acme_from_config_key(config, self.account.key, self.account.regr)
File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 72, in acme_from_config_key
directory = acme_client.ClientV2.get_directory(config.server, net)
File "/usr/lib/python3.9/site-packages/acme/client.py", line 330, in get_directory
return messages.Directory.from_json(net.get(url).json())
File "/usr/lib/python3.9/site-packages/acme/client.py", line 705, in get
self._send_request('GET', url, **kwargs), content_type=content_type)
File "/usr/lib/python3.9/site-packages/acme/client.py", line 647, in _send_request
response = self.session.request(method, url, *args, **kwargs)
File "/usr/lib/python3.9/site-packages/requests/sessions.py", line 544, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3.9/site-packages/requests/sessions.py", line 657, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3.9/site-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))