TLS error renewing certs

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: other domains are renewing just not
sudo /opt/bitnami/letsencrypt/lego --tls --email="" --domains="" --domains="" --domains="" --domains="" --domains="" --domains="" --path="/opt/bitnami/letsencrypt" run

It produced this output:
2023/05/23 05:48:04 [INFO] [] acme: Trying to solve TLS-ALPN-01
2023/05/23 05:48:07 [INFO] Skipping deactivating of valid auth:
2023/05/23 05:48:07 [INFO] Skipping deactivating of valid auth:
2023/05/23 05:48:07 [INFO] Skipping deactivating of valid auth:
2023/05/23 05:48:08 [INFO] Skipping deactivating of valid auth:
2023/05/23 05:48:08 [INFO] Skipping deactivating of valid auth:
2023/05/23 05:48:08 [INFO] Deactivating auth:
2023/05/23 05:48:08 Could not obtain certificates:error: one or more domains had a problem:[] acme: error: 400 :: urn:ietf:params:acme:error:tls :: remote error: tls: no application protocol

My web server is (include version): lightsail bitnami

The operating system my web server runs on is (include version): lightsail bitnami

My hosting provider, if applicable, is: aws lightsail

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): sorry, not sure, I think it's lego

Following instructions here: Generate and Install a Let's Encrypt SSL Certificate for a Bitnami Application
Used to work fine until the latest renewal this week.
Checked TLS here: TLS Checker | Site24x7 Tools
Working domains say this:
tls 1.3 disabled
tls 1.2 enabled
tls 1.1 enabled
tls 1.0 enabled
The one that doesn't says this:
tls 1.3 enabled
tls 1.2 enabled
tls 1.1 disabled
tls 1.0 disabled

Not sure why it would be different; they were set up the same way (I thought).

The DNS IP addresses seem wrong. If these are correct, can you explain more about your configuration?

dig +noall +answer  111     IN      A  111     IN      A

dig +noall +answer 174  IN      A

dig +noall +answer 176   IN      A

Thanks for your help. Sorry, noob here, I don't know where these 2 came from. How do I change these/get rid of them? In Route 53 I have 2 A records (1 www, 1 non-www) pointing to (my static IP). I don't see anything about the other IPs.
Record name:
Record type: A
Value:
Alias: No
TTL (seconds): 300
Routing policy: Simple

Did you change your Name Servers for that domain recently?

Because is used for your beachhouse domain rather than Route53 like for coastmobile (for example)


Oooh ok, I didn't. Looks like someone/thing might have changed it in GoDaddy to point to Yahoo instead of Route53. Not sure who/why, I'll check when they get in this morning. Strange that is getting the correct IP from Route53 but the non-www version is not and going to Yahoo. Thanks for your help.

You can confirm your DNS changes with the website tool below. It looks up IP addresses very similarly to how Let's Encrypt does. As for the www domain, it isn't using Route53 either so maybe you just have the right value in its name server.


Thanks, that was it. GoDaddy randomly changes nameservers for some reason when they upgraded their DNS system. Thanks again.
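The check that resolved this thread, written as a pre-renewal test (an added example, not posted by anyone in the thread): it parses `dig +noall +answer` output and reports hostnames whose A records or nameserver delegation differ from what you expect. The domain, IPs, nameserver names and the `.awsdns-` marker for Route 53 nameservers are constructed assumptions.

```python
# Added example: all values below are constructed, not taken from the thread.
EXPECTED_IP = "192.0.2.10"        # placeholder for the server's static IP
EXPECTED_NS_MARKER = ".awsdns-"   # assumption: Route 53 nameserver names contain this

# Constructed `dig +noall +answer` output for the apex, www and NS records.
SAMPLE_ANSWERS = """\
example.com.      111  IN  A   203.0.113.7
example.com.      111  IN  A   203.0.113.8
www.example.com.  174  IN  A   192.0.2.10
example.com.      3600 IN  NS  ns1.other-dns.example.
example.com.      3600 IN  NS  ns2.other-dns.example.
"""

def parse_answers(text):
    """Return {(name, rtype): [rdata, ...]} from dig answer-section lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue  # skip blank lines, dig comments and malformed lines
        name, rtype = fields[0].rstrip(".").lower(), fields[3]
        records.setdefault((name, rtype), []).append(fields[4].rstrip(".").lower())
    return records

def find_drift(text, hostnames, zone):
    """List reasons an ACME validation request could reach the wrong server."""
    records = parse_answers(text)
    problems = []
    for ns in records.get((zone, "NS"), []):
        if EXPECTED_NS_MARKER not in ns:
            problems.append(f"{zone}: delegated to unexpected nameserver {ns}")
    for host in hostnames:
        ips = records.get((host, "A"), [])
        if not ips:
            problems.append(f"{host}: no A record in answers")
        for ip in ips:
            if ip != EXPECTED_IP:
                problems.append(f"{host}: resolves to {ip}, expected {EXPECTED_IP}")
    return problems

if __name__ == "__main__":
    hosts = ["example.com", "www.example.com"]
    for problem in find_drift(SAMPLE_ANSWERS, hosts, "example.com"):
        print("DRIFT:", problem)
```

On the constructed sample the apex name and both nameservers are flagged while `www` passes, the same split the thread describes: one name still resolved to the right server even though the delegation had changed.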


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.