Let's Encrypt renewal problem

Hello,

Is anyone having an issue with Let's Encrypt being unable to do both auto and manual renewal with the latest version 9.603-1? Let's Encrypt log shows

Haven't made any or FW changes prior.  Thanks for any feedback



  • Hi

    Yes, a few days ago I had a failure to auto-renew.

    When I first tried obtaining a LE certificate a few times (a couple of months back) I failed miserably, then I spotted a post suggesting that country blocking could prevent the process (which makes sense as I had USA set to block 'From'; again, oops) so after letting the USA back through, I requested my certificate again and this time, it worked.

    Following the successful installation of the certificate, I then set the USA back to 'From' and instead created a country blocking exception for acme-v01.api.letsencrypt.org and once again, I hit the 'Renew' button in the Certificate Management section, and that also worked; my certificate was successfully updated. I waited a while and tried again, and once again the renewal process worked, so I was pretty confident that I'd found the solution.*

    That all said, another poster then tried that same trick and for some odd reason, they were unsuccessful.

    Move forward to last week (and with me now running 9.603-1) and I received an email from UTM stating that the automatic certificate renewal process had failed, so I again tried the manual renew process and that also failed. I wondered if the LE domain had been changed, but looking at the logs showed that it was still acme-v01.api.letsencrypt.org (implying that it hadn't changed) so this time I had to let the USA back through country blocking (and then after hitting the manual refresh button, this time it worked) so in my case, it certainly looks like something associated with the 9.603-1 update is perhaps now preventing my country blocking exception for acme-v01.api.letsencrypt.org from working.

    Anyhow, it's no big deal for me as I can simply let the USA back through after receiving my next failure e-mail (assuming it does fail, that is) and then manually hit the 'refresh' button.

    Bri

    *Incidentally, after re-testing that country blocking exception yet one more time - just to prove it was 100% reliable - it failed to renew the certificate. I looked at the LE logs and at the LE site, discovering that you can only apply 5 times (in any 5 day rolling period) then you get biffed off the LE server for 5 days; oops! Of course, it wasn't an issue as my existing certificate still had 90 days of life left in it.

  • Hi Briain,

    Thanks for replying. I live in the US, so USA blocking doesn't apply. Although the acme-v01.x.x.x domain shows in the log, I went ahead and made an exception and did a manual renewal, and my LE still failed.

    BTW, I'm also aware of the 5-day limitation on the manual renewal.

  • Ah, well your location rather rules out my country blocking issue! :-)

    Anyhow, with me living in Scotland, with the USA permitted through country blocking and after a manual renew, it did actually work, so that implies 9.603-1 is capable of successfully refreshing an LE certificate.

    Bri
