I would like expose our case in order to find some light at the final of the tunnel.
We have 8 servers with Windows Server 2016 + Plesk 18.0.43 + Lets Encrypt 3.0.0-785 and we are having the same issue in all servers since the same day. The last week we had 102 domains with the same problem.
This problem happen with new or renewed certs. We can cert the "raw" domain but we have problems with the "www.". This problem not happens always (it's random). If you try it 4 times maybe you can issue the cert at first try or maybe in other try but sometimes it's impossible and we stop retries in order to don't reach the limits (5 times a week).
We tried to renew certs with the "redirect http to https" option disabled, deleting ".well-known" folder, etc but without luck.
This is an example: marcosanache.es
Server ip: 82.223.1.108
Software: Windows Server 2016 + Plesk 18.0.43 + Lets Encrypt 3.0.0-785
ISP: Arsys (IONOS)(1&1)
Location: Spain
Error: Timeout during connect (likely firewall problem)
Invalid response: https://acme-v02.api.letsencrypt.org/acme/authz-v3/104265492297
Fetching url: http://www.marcosanache.es/.well-known/acme-challenge/aGG7lPdqHhM3UyS1uqXEx9jPrEqpFfNzdETdqt93rO0
When we have this issue, we always can access to the problematic urls (from inside and outside of the server) immediately and without any problem.. Also, we tested the urls with a webpage that test access of the urls from different countries: https://geopeeker.com/fetch/?url=http%3A%2F%2Fwww.marcosanache.es%2F.well-known%2Facme-challenge%2FaGG7lPdqHhM3UyS1uqXEx9jPrEqpFfNzdETdqt93rO0&csrf_token=mLnF3pPPxAfGVWfsh4vp9HKx2jOEacfMJzZOVtfUn4U%3D
The Let's debug test seems to be ok: Let's Debug
Some tests from the server (82.223.1.108):
ping acme-v02.api.letsencrypt.org
Haciendo ping a ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com [172.65.32.248] con 32 bytes de datos:
Respuesta desde 172.65.32.248: bytes=32 tiempo=7ms TTL=59
Respuesta desde 172.65.32.248: bytes=32 tiempo=7ms TTL=59
Respuesta desde 172.65.32.248: bytes=32 tiempo=7ms TTL=59
Respuesta desde 172.65.32.248: bytes=32 tiempo=7ms TTL=59
Estadisticas de ping para 172.65.32.248:
Paquetes: enviados = 4, recibidos = 4, perdidos = 0
(0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
Minimo = 7ms, M ximo = 7ms, Media = 7ms
tracert acme-v02.api.letsencrypt.org
Traza a la direccion ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com [172.65.32.248]
sobre un m ximo de 30 saltos:
1 <1 ms <1 ms <1 ms 10.255.255.2
2 1 ms 1 ms 1 ms 82.223.41.10
3 6 ms 8 ms 6 ms ae-6.bb-b.epx.mad.es.net.ionos.com [212.227.121.105]
4 8 ms 7 ms 8 ms ae-8.bb-a.mad2.mad.es.oneandone.net [212.227.120.7]
5 18 ms 16 ms 15 ms cloudflare.alta.espanix.net [185.79.175.179]
6 7 ms 8 ms 13 ms 172.70.60.2
7 7 ms 7 ms 7 ms 172.65.32.248
Traza completa.
tracetcp acme-v02.api.letsencrypt.org:443 (6 attempts in a row)
Tracing route to 172.65.32.248 on port 443
Over a maximum of 30 hops.
1 1 ms 0 ms 0 ms 10.255.255.2
2 2 ms 1 ms 3 ms 82.223.41.10
3 10 ms 9 ms 7 ms 212.227.121.105 [ae-6.bb-b.epx.mad.es.net.ionos.com]
4 9 ms 8 ms 9 ms 212.227.120.7 [ae-8.bb-a.mad2.mad.es.oneandone.net]
5 10 ms 12 ms 9 ms 172.70.60.2
6 Destination Reached in 9 ms. Connection established to 172.65.32.248
Trace Complete.
Tracing route to 172.65.32.248 on port 443
Over a maximum of 30 hops.
1 1 ms 2 ms 2 ms 10.255.255.2
2 1 ms 1 ms 2 ms 82.223.41.9
3 8 ms 9 ms 9 ms 212.227.121.137 [ae-6.bb-a.mad2.mad.es.net.ionos.com]
4 8 ms 35 ms 9 ms 185.79.175.179 [cloudflare.alta.espanix.net]
5 11 ms 9 ms 9 ms 185.79.175.179 [cloudflare.alta.espanix.net]
6 9 ms Destination Reached in 8 ms. Connection established to 172.65.32.248
Trace Complete.
Tracing route to 172.65.32.248 on port 443
Over a maximum of 30 hops.
1 2 ms 0 ms 0 ms 10.255.255.2
2 2 ms 1 ms 1 ms 82.223.41.10
3 9 ms 7 ms 9 ms 212.227.121.105 [ae-6.bb-b.epx.mad.es.net.ionos.com]
4 17 ms 8 ms 10 ms 185.79.175.179 [cloudflare.alta.espanix.net]
5 10 ms 9 ms 33 ms 188.114.108.7
6 9 ms Destination Reached in 10 ms. Connection established to 172.65.32.248
Trace Complete.
Tracing route to 172.65.32.248 on port 443
Over a maximum of 30 hops.
1 2 ms 2 ms 2 ms 10.255.255.2
2 2 ms 2 ms 2 ms 82.223.41.10
3 9 ms 7 ms 10 ms 212.227.121.137 [ae-6.bb-a.mad2.mad.es.net.ionos.com]
4 10 ms 8 ms 8 ms 212.227.120.7 [ae-8.bb-a.mad2.mad.es.oneandone.net]
5 10 ms 9 ms 8 ms 185.79.175.179 [cloudflare.alta.espanix.net]
6 Destination Reached in 10 ms. Connection established to 172.65.32.248
Trace Complete.
Tracing route to 172.65.32.248 on port 443
Over a maximum of 30 hops.
1 1 ms 0 ms 1 ms 10.255.255.2
2 1 ms 1 ms 1 ms 82.223.41.10
3 8 ms 8 ms 9 ms 212.227.121.105 [ae-6.bb-b.epx.mad.es.net.ionos.com]
4 10 ms 9 ms 9 ms 185.79.175.179 [cloudflare.alta.espanix.net]
5 10 ms 20 ms 10 ms 185.79.175.179 [cloudflare.alta.espanix.net]
6 Destination Reached in 10 ms. Connection established to 172.65.32.248
Trace Complete.
Tracing route to 172.65.32.248 on port 443
Over a maximum of 30 hops.
1 1 ms 1 ms 2 ms 10.255.255.2
2 1 ms 3 ms 1 ms 82.223.41.9
3 7 ms 9 ms 8 ms 212.227.121.105 [ae-6.bb-b.epx.mad.es.net.ionos.com]
4 10 ms 9 ms 8 ms 212.227.120.7 [ae-8.bb-a.mad2.mad.es.oneandone.net]
5 14 ms 10 ms 11 ms 172.70.58.2
6 12 ms Destination Reached in 9 ms. Connection established to 172.65.32.248
Trace Complete.
Thank you in advance!