I did not look at your private bin website data as I don't follow links to unknown sites (using a browser).
But you are asking about limits and it is possible you are reaching one. The apex domain floristtouch.com is shared by a large number of sites. See the recent history here.
I would not be surprised if you got an error saying too many certificates already issued. Was that the message? Rate Limit info and the request form to override limits are here:
This is the error. It's not too many certificates.
```
IMPORTANT NOTES:
The following errors were reported by the server:

Domain: siobhan-miller.
Type: unauthorized
Detail: Invalid response from http://siobhan-miller./.well-known/acme-challenge/uidaTCguKQQS4SANhYPbcZWjOCCzbw-IALFTfCd_cIo
[178.79.159.104]: "\r\n404 Not Found\r\n\r\n404 Not Found\r\nnginx\r\n"

Domain: www.siobhan-miller.f
Type: unauthorized
Detail: Invalid response from http://www.siobhan-miller..well-known/acme-challenge/_p5vdZYQEENUi4W_j3qhnx4sh0zgb1NoMc6nafaGelE
[178.79.159.104]: "\r\n404 Not Found\r\n\r\n404 Not Found\r\nnginx\r\n"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
```
Please note that --force-renewal does not help at all in this situation. As there have not been any other certificates for this certificate, it's not even a renewal. You can't just magically force Let's Encrypt to issue a certificate for you if they aren't able to validate the hostname. That would be weird!
Yeah, I am still not touching that website with a browser. The HTML looks to be full of spam - pukka sweaters, hot-deals, ... Sorry, your page got merged with a prior in my sandbox. It was the prior site with the spam.
Still, could you provide the URL directly to the log file or use the upload icon in this forum to upload it?
I believe you when you say you know letsencrypt well. At the same time this domain name has never gotten a cert.
> I believe you when you say you know letsencrypt well. At the same time this domain name has never gotten a cert.
I personally don't know letsencrypt, I'm not a developer, but the current developers are having an issue fixing it. We have over 100 subdomains using SSL so that's not been an issue until recently.
Well, I do not have a definitive answer but I have a possible, even likely, solution. I think you need to update your Certbot version so that you can use this option on the certbot command:
```
--nginx-sleep-seconds NGINX_SLEEP_SECONDS
        Number of seconds to wait for nginx configuration
        changes to apply when reloading. (default: 1)
```
For nginx configs that have a lot of server blocks (which yours does) it sometimes takes longer to reload nginx to effect the temp changes it makes for the http challenges.
Setting this value to 10 or 20 should be enough. That said, I am not certain this will help but it is the best explanation for your description.
You need to update to use this option, as it was added to Certbot in Jul 2020. See this GitHub item for details.
OTHER ERRATA
In the log were other errors which your team should fix. They are probably not affecting this error but could be causing other problems.
Item 1 - Damaged renewal conf file for christina-brady
```
2022-01-28 14:03:18,264:DEBUG:certbot.cert_manager:Renewal conf file
/etc/letsencrypt/renewal/christina-brady.floristtouch.com.conf is broken. Skipping.
certbot.errors.CertStorageError: renewal config file {} is missing a required file reference
```
Item 2 - Broken symlinks for wildhedgerow
```
2022-01-28 14:03:18,274:DEBUG:certbot.cert_manager:Renewal conf file
/etc/letsencrypt/renewal/wildhedgerowflorist.co.uk.conf is broken. Skipping.
/etc/letsencrypt/live/wildhedgerowflorist.co.uk/cert.pem to be a symlink
```
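With over 100 lineages on one host, the two conditions logged under OTHER ERRATA (a missing file reference and a `live/` entry that is not a symlink) can be checked for every renewal conf in one pass. This is an added example, not part of the original thread and not Certbot's own code. It assumes the usual renewal conf layout, where `cert`, `privkey`, `chain` and `fullchain` appear as top-level `key = path` lines before `[renewalparams]`; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

REQUIRED = ("cert", "privkey", "chain", "fullchain")  # assumed required references

def audit_conf(conf_path):
    """Yield one message per problem found in a renewal conf (none = healthy)."""
    refs = {}
    with open(conf_path) as fh:
        for line in map(str.strip, fh):
            if line.startswith("["):  # file references precede [renewalparams]
                break
            if "=" in line and not line.startswith("#"):
                key, _, val = line.partition("=")
                refs[key.strip()] = val.strip()
    for key in REQUIRED:
        path = refs.get(key)
        if not path:
            yield f"{key}: missing file reference"
        elif not os.path.islink(path):
            yield f"{key}: not a symlink"
        elif not os.path.exists(path):
            yield f"{key}: dangling symlink"

def audit_renewal_dir(renewal_dir):
    """Map each .conf file name in renewal_dir to its list of problems."""
    return {name: list(audit_conf(os.path.join(renewal_dir, name)))
            for name in sorted(os.listdir(renewal_dir)) if name.endswith(".conf")}

def demo():
    """Audit a constructed tree: one healthy lineage and two damaged ones."""
    cases = (("ok", None, None), ("noref", "chain", None), ("nolink", None, "cert"))
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(renewal := os.path.join(root, "renewal"))
        for site, omit, plain in cases:
            os.makedirs(live := os.path.join(root, "live", site))
            with open(os.path.join(renewal, site + ".conf"), "w") as conf:
                for key in REQUIRED:
                    link = os.path.join(live, key + ".pem")
                    if key == plain:
                        open(link, "w").close()  # regular file, not a symlink
                    else:
                        os.symlink(os.devnull, link)  # stand-in target
                    if key != omit:
                        conf.write(f"{key} = {link}\n")
                conf.write("[renewalparams]\nauthenticator = nginx\n")
        return audit_renewal_dir(renewal)

if __name__ == "__main__":
    print(demo())
```

On a real host, `audit_renewal_dir("/etc/letsencrypt/renewal")` run with read access to that directory lists every lineage whose conf would be skipped as broken.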