Any particular reason you are using the tls-alpn-01 challenge type instead of just using http validation?
I think you'd need to stop your webserver (which is currently using port 443 for https) before tls-alpn-01 would work (because that also needs to use port 443).
Hi, nope, I was just following the article here. But somehow when I tried to do auto renewal, I can see my cron job scheduled but it is not renewing.
That example does indeed use tls validation. I would probably have used http validation instead, but I don't know much about the lego client to help you.
Did you set up Step 5 of that article (where you stop and start the webserver with a script as part of your renewal)?
@darylaurito The AWS steps used the DNS challenge and made a wildcard cert. Did you make a wildcard cert? Because DNS challenge is required to issue another one. The TLS-ALPN challenge won't work - even if you get it working at all.
@MikeMcQ I was only able to get it to renew when I went to my Cloudflare and added in the text record, which I find too manual. I will require it to auto renew when expiry comes near.
@webprofusion Same goes for my Plesk server. I got a primary domain registered, and this sub-domain I am using Plesk to try out. Same goes here: I have to access my hosting panel to add in the TXT record to be able to challenge and renew my SSL.
Instead of the --manual command shown by that AWS page you could use a DNS plug-in to automate adding the TXT record. See the following