Verify error:"error":{

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: voxx.biz

I ran this command: "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"

It produced this output:
[Thu 09 Feb 2023 09:34:29 PM CET] ===Starting cron===
[Thu 09 Feb 2023 09:34:29 PM CET] Already uptodate!
[Thu 09 Feb 2023 09:34:29 PM CET] Upgrade success!
[Thu 09 Feb 2023 09:34:29 PM CET] Auto upgraded to: 3.0.6
[Thu 09 Feb 2023 09:34:29 PM CET] Renew: 'voxx.biz'
[Thu 09 Feb 2023 09:34:29 PM CET] Renew to Le_API=https://acme.zerossl.com/v2/DV90
[Thu 09 Feb 2023 09:34:29 PM CET] Using CA: https://acme.zerossl.com/v2/DV90
[Thu 09 Feb 2023 09:34:29 PM CET] Multi domain='DNS:voxx.biz,DNS:www.voxx.biz,DNS:my.voxx.biz,DNS:sm.voxx.biz,DNS:mail.voxx.biz,DNS:adm.voxx.biz,DNS:bot.voxx.biz'
[Thu 09 Feb 2023 09:34:29 PM CET] Getting domain auth token for each domain
[Thu 09 Feb 2023 09:34:36 PM CET] Getting webroot for domain='voxx.biz'
[Thu 09 Feb 2023 09:34:36 PM CET] Getting webroot for domain='www.voxx.biz'
[Thu 09 Feb 2023 09:34:36 PM CET] Getting webroot for domain='my.voxx.biz'
[Thu 09 Feb 2023 09:34:36 PM CET] Getting webroot for domain='sm.voxx.biz'
[Thu 09 Feb 2023 09:34:36 PM CET] Getting webroot for domain='mail.voxx.biz'
[Thu 09 Feb 2023 09:34:36 PM CET] Getting webroot for domain='adm.voxx.biz'
[Thu 09 Feb 2023 09:34:36 PM CET] Getting webroot for domain='bot.voxx.biz'
[Thu 09 Feb 2023 09:34:36 PM CET] Verifying: voxx.biz
[Thu 09 Feb 2023 09:34:37 PM CET] Processing, The CA is processing your order, please just wait. (1/30)
[Thu 09 Feb 2023 09:34:40 PM CET] voxx.biz:Verify error:"error":{
[Thu 09 Feb 2023 09:34:40 PM CET] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Thu 09 Feb 2023 09:34:45 PM CET] Error renew voxx.biz.

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): Ubuntu 20.4

My hosting provider, if applicable, is: IONOS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I use acme.sh

I have used the above command "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" for a long time without problems. Now I get this error: Verify error:"error":{

The log says

CS-1 21:53:31 :~/acme.sh# tail /root/.acme.sh/acme.sh.log
[Thu 09 Feb 2023 09:34:45 PM CET] Found /root/.acme.sh/notify/mail.sh for mail
[Thu 09 Feb 2023 09:34:45 PM CET] _subject='Renew Error by CS-1'
[Thu 09 Feb 2023 09:34:45 PM CET] _content='Error certs:
voxx.biz

'
[Thu 09 Feb 2023 09:34:45 PM CET] _statusCode='1'
[Thu 09 Feb 2023 09:34:48 PM CET] mail send success.
[Thu 09 Feb 2023 09:34:48 PM CET] mail Success

I noticed that for about 2 weeks the email message has had the name of the server in the subject, which is very convenient if you have several servers, like so:

Renew skipped by IONOS-1

As I didn't change anything, I guess this is due to an upgrade to acme.sh. A bug may have been introduced in the renew part as well.

What to do now?

You might also want to post to their Issues · acmesh-official/acme.sh · GitHub for additional help too.
Here is a list of issued certificates https://crt.sh/?q=voxx.biz, all from C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA

1 Like

Please check this log file.

Also note that you're not using Let's Encrypt as your CA, but a different CA (ZeroSSL), but you are posting this on the Let's Encrypt Community. You might want to check out the ZeroSSL support channels, if they exist.

3 Likes

https://crt.sh/?q=voxx.biz looks perfectly fine.

1 Like

CS-1 22:32:44 :~/acme.sh# tail /root/.acme.sh/acme.sh.log
[Thu 09 Feb 2023 10:00:39 PM CET] Found /root/.acme.sh/notify/mail.sh for mail
[Thu 09 Feb 2023 10:00:39 PM CET] _subject='Renew Error by CS-1'
[Thu 09 Feb 2023 10:00:39 PM CET] _content='Error certs:
voxx.biz

'
[Thu 09 Feb 2023 10:00:39 PM CET] _statusCode='1'
[Thu 09 Feb 2023 10:00:40 PM CET] mail send success.
[Thu 09 Feb 2023 10:00:40 PM CET] mail Success
[Thu 09 Feb 2023 10:00:40 PM CET] ===End cron===

That's not very useful.

3 Likes

(Basically the version number question)
What Git commit were you previously running?
What Git commit are you currently running?

1 Like

I do see a GitHub issue was also created, excellent!

2 Likes

current: git version 2.39.1.windows.1
previously don't know, git is updating automatically

Agreed. Sorry.

1 Like

Update

Now the first process runs OK, the error occurs at the second try:

CS-1 11:11:31 :/tmp# CS-1 10:36:29 :/tmp# acme-tst
[Fri 10 Feb 2023 11:10:41 AM CET] Using CA: https://acme.zerossl.com/v2/DV90
[Fri 10 Feb 2023 11:10:41 AM CET] Multi domain='DNS:voxx.biz,DNS:www.voxx.biz,DNS:my.voxx.biz,DNS:sm.voxx.biz,DNS:mail.voxx.biz,DNS:adm.voxx.biz,DNS:bot.voxx.biz'
[Fri 10 Feb 2023 11:10:41 AM CET] Getting domain auth token for each domain
[Fri 10 Feb 2023 11:11:02 AM CET] Getting webroot for domain='voxx.biz'
[Fri 10 Feb 2023 11:11:02 AM CET] Getting webroot for domain='www.voxx.biz'
[Fri 10 Feb 2023 11:11:02 AM CET] Getting webroot for domain='my.voxx.biz'
[Fri 10 Feb 2023 11:11:02 AM CET] Getting webroot for domain='sm.voxx.biz'
[Fri 10 Feb 2023 11:11:02 AM CET] Getting webroot for domain='mail.voxx.biz'
[Fri 10 Feb 2023 11:11:02 AM CET] Getting webroot for domain='adm.voxx.biz'
[Fri 10 Feb 2023 11:11:02 AM CET] Getting webroot for domain='bot.voxx.biz'
[Fri 10 Feb 2023 11:11:02 AM CET] Verifying: voxx.biz
[Fri 10 Feb 2023 11:11:04 AM CET] Processing, The CA is processing your order, please just wait. (1/30)
[Fri 10 Feb 2023 11:11:08 AM CET] Processing, The CA is processing your order, please just wait. (2/30)
[Fri 10 Feb 2023 11:11:13 AM CET] voxx.biz:Verify error:"error":{
[Fri 10 Feb 2023 11:11:13 AM CET] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Fri 10 Feb 2023 11:11:21 AM CET] Error renew voxx.biz.
[Fri 10 Feb 2023 11:11:22 AM CET] Sending via: mail
[Fri 10 Feb 2023 11:11:22 AM CET] mail Success
[Fri 10 Feb 2023 11:11:22 AM CET]CS-1: command not found

Last 40 lines of Log file

CS-1 11:13:24 :/tmp# tail -n 40 /root/.acme.sh/acme.sh.log
[Fri 10 Feb 2023 11:11:17 AM CET] _post_url='https://acme.zerossl.com/v2/DV90/chall/eRkJzrYKN49pE364RTxXhA'
[Fri 10 Feb 2023 11:11:17 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Fri 10 Feb 2023 11:11:18 AM CET] _ret='0'
[Fri 10 Feb 2023 11:11:18 AM CET] code='200'
[Fri 10 Feb 2023 11:11:18 AM CET] url='https://acme.zerossl.com/v2/DV90/chall/EDnQleAY6BkeFWhqMcaqvA'
[Fri 10 Feb 2023 11:11:18 AM CET] payload='{}'
[Fri 10 Feb 2023 11:11:18 AM CET] POST
[Fri 10 Feb 2023 11:11:18 AM CET] _post_url='https://acme.zerossl.com/v2/DV90/chall/EDnQleAY6BkeFWhqMcaqvA'
[Fri 10 Feb 2023 11:11:18 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Fri 10 Feb 2023 11:11:19 AM CET] _ret='0'
[Fri 10 Feb 2023 11:11:19 AM CET] code='200'
[Fri 10 Feb 2023 11:11:19 AM CET] url='https://acme.zerossl.com/v2/DV90/chall/RfLvclKBHXKk9_596T-9cQ'
[Fri 10 Feb 2023 11:11:19 AM CET] payload='{}'
[Fri 10 Feb 2023 11:11:19 AM CET] POST
[Fri 10 Feb 2023 11:11:19 AM CET] _post_url='https://acme.zerossl.com/v2/DV90/chall/RfLvclKBHXKk9_596T-9cQ'
[Fri 10 Feb 2023 11:11:19 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Fri 10 Feb 2023 11:11:20 AM CET] _ret='0'
[Fri 10 Feb 2023 11:11:20 AM CET] code='200'
[Fri 10 Feb 2023 11:11:20 AM CET] url='https://acme.zerossl.com/v2/DV90/chall/Ls9WUfuAFIHciEG_YI0i3Q'
[Fri 10 Feb 2023 11:11:20 AM CET] payload='{}'
[Fri 10 Feb 2023 11:11:20 AM CET] POST
[Fri 10 Feb 2023 11:11:20 AM CET] _post_url='https://acme.zerossl.com/v2/DV90/chall/Ls9WUfuAFIHciEG_YI0i3Q'
[Fri 10 Feb 2023 11:11:20 AM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Fri 10 Feb 2023 11:11:21 AM CET] _ret='0'
[Fri 10 Feb 2023 11:11:21 AM CET] code='200'
[Fri 10 Feb 2023 11:11:21 AM CET] Return code: 1
[Fri 10 Feb 2023 11:11:21 AM CET] Error renew voxx.biz.
[Fri 10 Feb 2023 11:11:21 AM CET] _error_level='1'
[Fri 10 Feb 2023 11:11:21 AM CET] _set_level='3'
[Fri 10 Feb 2023 11:11:22 AM CET] Sending via: mail
[Fri 10 Feb 2023 11:11:22 AM CET] Found /root/.acme.sh/notify/mail.sh for mail
[Fri 10 Feb 2023 11:11:22 AM CET] _subject='Renew Error by CS-1'
[Fri 10 Feb 2023 11:11:22 AM CET] _content='Error certs:
voxx.biz

'
[Fri 10 Feb 2023 11:11:22 AM CET] _statusCode='1'
[Fri 10 Feb 2023 11:11:22 AM CET] mail send success.
[Fri 10 Feb 2023 11:11:22 AM CET] mail Success
[Fri 10 Feb 2023 11:11:22 AM CET] ===End cron===

When you share log output, please begin with three backticks ``` on a line before and after your log data so that it will render in more readable preformatted text.

If you enter this:
```
Your log data here.
It can span multiple lines.
```

You will get this:

Your log data here.
It can span multiple lines.

4 Likes

That makes doing a git diff impossible, so looking for what has changed will not be an available path to search for a solution to your issue.

1 Like

I don't know why, but it seems acme.sh is sending the most relevant parts of the log to an email somewhere. Do you get that email? If so, what are the contents?

If not, please see the acme.sh documentation (good luck with that) to fix that email part or how to remove it entirely in the hope that the log will contain more useful information.

You might also want to complain at the acme.sh Github repo that the log is inadequate for proper debugging.

4 Likes

I tried the parameter force to no avail: ./acme.sh -f -r -d voxx.biz

It turned out that it is not necessary to pass the multiple URLs, the certificate knows already:


CS-1 21:01:52 :~/acme.sh# ./acme.sh -f -r  -d voxx.biz
[Tue 14 Feb 2023 09:02:12 PM CET] Renew: 'voxx.biz'
[Tue 14 Feb 2023 09:02:12 PM CET] Using CA: https://acme.zerossl.com/v2/DV90
[Tue 14 Feb 2023 09:02:12 PM CET] Multi domain='DNS:voxx.biz,DNS:www.voxx.biz,DNS:my.voxx.biz,DNS:sm.voxx.biz,DNS:mail.voxx.biz,DNS:adm.voxx.biz,DNS:bot.voxx.biz'
[Tue 14 Feb 2023 09:02:12 PM CET] Getting domain auth token for each domain
 /root/.acme.sh/acme.sh.log
[Tue 14 Feb 2023 09:02:27 PM CET] Getting webroot for domain='voxx.biz'
[Tue 14 Feb 2023 09:02:27 PM CET] Getting webroot for domain='www.voxx.biz'
[Tue 14 Feb 2023 09:02:27 PM CET] Getting webroot for domain='my.voxx.biz'
[Tue 14 Feb 2023 09:02:27 PM CET] Getting webroot for domain='sm.voxx.biz'
[Tue 14 Feb 2023 09:02:27 PM CET] Getting webroot for domain='mail.voxx.biz'
[Tue 14 Feb 2023 09:02:27 PM CET] Getting webroot for domain='adm.voxx.biz'
[Tue 14 Feb 2023 09:02:27 PM CET] Getting webroot for domain='bot.voxx.biz'
[Tue 14 Feb 2023 09:02:27 PM CET] Verifying: voxx.biz
[Tue 14 Feb 2023 09:02:32 PM CET] voxx.biz:Verify error:"error":{
[Tue 14 Feb 2023 09:02:32 PM CET] Please check log file for more details: /root/.acme.sh/acme.sh.log

The log does not have any information:


CS-1 21:39:12 :~/acme.sh# tail  /root/.acme.sh/acme.sh.log
[Tue 14 Feb 2023 09:21:01 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue 14 Feb 2023 09:21:03 PM CET] _ret='0'
[Tue 14 Feb 2023 09:21:03 PM CET] code='200'
[Tue 14 Feb 2023 09:21:03 PM CET] url='https://acme.zerossl.com/v2/DV90/chall/0TtrhCIxxBhK5yNJi3rN3w'
[Tue 14 Feb 2023 09:21:03 PM CET] payload='{}'
[Tue 14 Feb 2023 09:21:03 PM CET] POST
[Tue 14 Feb 2023 09:21:03 PM CET] _post_url='https://acme.zerossl.com/v2/DV90/chall/0TtrhCIxxBhK5yNJi3rN3w'
[Tue 14 Feb 2023 09:21:03 PM CET] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Tue 14 Feb 2023 09:21:06 PM CET] _ret='0'
[Tue 14 Feb 2023 09:21:06 PM CET] code='200'

The notion payload='{}' is not significant, as far as I can see. My other machine has two certificates and works fine, but those are single certificates, not multiples.

You might also want to complain at the acme.sh Github repo that the log is inadequate for proper debugging.

OK.

Don't use the "force" option, it doesn't actually "force" the CA into validating a challenge which cannot be validated. That would be weird, as if I could suddenly magically "force" the CA into validating a certificate for "whitehouse.gov", which I clearly don't actually own.

The main issue with this situation is that we haven't actually seen the REAL error message from the CA validation server. It's "hidden" somewhere, maybe in some deep log file we don't know about or perhaps in that mail I've mentioned earlier.

3 Likes

The mail is sent to me with message Error certs: voxx.biz

This challenge result has this error message. Maybe the folks at the acme.sh GitHub would know the reasons this can happen. I sure do not.

{"type":"urn:ietf:params:acme:error:malformed","status":405,"detail":"The request message was malformed"}

3 Likes

Following the redirect, I see this error:

curl -Ii http://voxx.biz/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 302 Found
Server: Yaws 2.0.9
Location: https://voxx.biz:443/.well-known/acme-challenge/Test_File-1234
Date: Wed, 15 Feb 2023 06:32:09 GMT

curl -Ii https://voxx.biz:443/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 500 Internal Server Error
Server: Yaws 2.0.9
Date: Wed, 15 Feb 2023 06:32:12 GMT
Content-Type: text/html
2 Likes
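
The redirect-then-500 chain shown in the reply above can be turned into a repeatable check over `curl -sIL` header output. This is an added example, not part of the thread or of acme.sh; the function names `challenge_verdict`, `sample_headers` and `check_domains` are hypothetical, the probe path is the one used in the reply, and the sample input is constructed from the headers quoted there.

```shell
#!/usr/bin/env bash
# Added example: classify what an HTTP-01 validator would see on the
# challenge path, from `curl -sIL` header output. All names are hypothetical.

# Reads header blocks on stdin; prints "<verdict> <status chain>".
challenge_verdict() {
  awk '
    { sub(/\r$/, "") }                          # curl emits CRLF line endings
    /^HTTP\// { status[++hops] = $2; next }     # one status line per hop
    END {
      if (hops == 0) { print "no-response"; exit }
      chain = status[1]
      for (i = 2; i <= hops; i++) chain = chain "->" status[i]
      final = status[hops] + 0
      if (final == 200)      verdict = "ok"
      else if (final == 404) verdict = "not-found"        # server healthy, file absent
      else if (final >= 500) verdict = "server-error"     # origin crashed or misconfigured
      else if (final >= 300 && final < 400) verdict = "redirect-unfollowed"
      else                   verdict = "other"
      print verdict, chain
    }'
}

# Constructed sample: the two header blocks quoted in the reply above.
sample_headers() {
  printf '%s\r\n' \
    'HTTP/1.1 302 Found' \
    'Server: Yaws 2.0.9' \
    'Location: https://voxx.biz:443/.well-known/acme-challenge/Test_File-1234' \
    '' \
    'HTTP/1.1 500 Internal Server Error' \
    'Server: Yaws 2.0.9' \
    'Content-Type: text/html' \
    ''
}

# Live use: probe every name on the certificate, not only the first one.
check_domains() {
  for d in "$@"; do
    printf '%s: ' "$d"
    curl -sIL --max-time 10 \
      "http://$d/.well-known/acme-challenge/Test_File-1234" | challenge_verdict
  done
}

sample_headers | challenge_verdict    # prints: server-error 302->500
```

A `not-found` verdict for a made-up token means the web server is answering normally on the challenge path; `server-error` points at the origin rather than at the ACME client.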

Parameter --debug 2 delivers crucial information

CS-1 21:40:04 :~/acme.sh# ./acme.sh -f -r -d voxx.biz --debug 2 revealed the problem:

I use Yaws as webserver and it crashed in Erlang fashion which in turn produced the error in acme.sh.

The Erlang crash report given by --debug 2 showed the problem. Examination of my code revealed that I forgot a case in a helper function, thus the crash. Turns out I didn't even need that function, rather use a built in alternative. Stupid.

The log didn't reveal anything useful. My second server uses nginx, that's why I had no problem there. So this is another instance of "the problem is not where you think it is, but at a totally different place".

Thank you all,

1 Like