NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

npm cannot renew letsencrypt certificates, certificates expire and there is no renovation #3677

Open fgarcia-humanoide opened 3 months ago

fgarcia-humanoide commented 3 months ago

npm cannot renew letsencrypt certificates, certificates expire and there is no renovation

fgarcia-humanoide commented 3 months ago

worked 6 months. Now certificates expired and if you force a renovation an error appears

fgarcia-humanoide commented 3 months ago

Renew Let's Encrypt Certificate Internal Error

gokuale commented 3 months ago

same problem, version 2.11.1

YummyToadies commented 3 months ago

Same here, here is the output of the log (IDs, base64, domains replaced):

2024-04-18 21:02:13,524:DEBUG:certbot._internal.main:certbot version: 2.9.0
2024-04-18 21:02:13,525:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2024-04-18 21:02:13,525:DEBUG:certbot._internal.main:Arguments: ['--force-renewal', '--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-13', '--disable-hook-validation', '--no-random-sleep-on-renew']
2024-04-18 21:02:13,525:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#directadmin,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-04-18 21:02:13,579:DEBUG:certbot._internal.log:Root logging level set at 30
2024-04-18 21:02:13,581:DEBUG:certbot._internal.display.obj:Notifying user: Processing /etc/letsencrypt/renewal/npm-13.conf
2024-04-18 21:02:13,583:DEBUG:certbot.configuration:Var config_dir=/etc/letsencrypt (set by user).
2024-04-18 21:02:13,583:DEBUG:certbot.configuration:Var logs_dir=/tmp/letsencrypt-log (set by user).
2024-04-18 21:02:13,583:DEBUG:certbot.configuration:Var work_dir=/tmp/letsencrypt-lib (set by user).
2024-04-18 21:02:13,584:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2024-04-18 21:02:13,584:DEBUG:certbot.configuration:Var preferred_chain=ISRG Root X1 (set by user).
2024-04-18 21:02:13,584:DEBUG:certbot.configuration:Var key_type=ecdsa (set by user).
2024-04-18 21:02:13,584:DEBUG:certbot.configuration:Var elliptic_curve=secp384r1 (set by user).
2024-04-18 21:02:13,599:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal...
2024-04-18 21:02:13,600:DEBUG:certbot._internal.plugins.selection:Requested authenticator directadmin and installer None
2024-04-18 21:02:13,600:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: directadmin Description: Obtain a certificate using a DNS TXT record in directadmin Interfaces: Authenticator, Plugin Entry point: EntryPoint(name='directadmin', value='certbot_dns_directadmin.dns_directadmin:Authenticator', group='certbot.plugins') Initialized: <certbot_dns_directadmin.dns_directadmin.Authenticator object at 0x7f1cdc395b90> Prep: True
2024-04-18 21:02:13,601:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_directadmin.dns_directadmin.Authenticator object at 0x7f1cdc395b90> and installer None
2024-04-18 21:02:13,601:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator directadmin, Installer None
2024-04-18 21:02:13,736:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/', new_authzr_uri=None, terms_of_service=None), 7d91f774b85261e99787fb37989f16d8, Meta(creation_dt=datetime.datetime(2021, 2, 25, 9, 28, 46, tzinfo=), creation_host='a9a7ec130998', register_to_eff=None))>
2024-04-18 21:02:13,738:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-04-18 21:02:13,741:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-04-18 21:02:14,139:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 747
2024-04-18 21:02:14,140:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 18 Apr 2024 21:02:14 GMT Content-Type: application/json Content-Length: 747 Connection: keep-alive Cache-Control: public, max-age=0, no-cache X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "Vvg5AejWZ-g": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }
2024-04-18 21:02:14,142:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for .website.nl
2024-04-18 21:02:14,148:DEBUG:acme.client:Requesting fresh nonce
2024-04-18 21:02:14,148:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-04-18 21:02:14,283:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-04-18 21:02:14,284:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 18 Apr 2024 21:02:14 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: FUnC6kMpCZMAkAb02iWTYOvskc4chpss_xG8LllzLOR5hxbTtvc X-Frame-Options: DENY Strict-Transport-Security: max-age=604800
2024-04-18 21:02:14,284:DEBUG:acme.client:Storing nonce: FUnC6kMpCZMAkAb02iWTYOvskc4chpss_xG8LllzLOR5hxbTtvc
2024-04-18 21:02:14,284:DEBUG:acme.client:JWS payload: b'{\n "identifiers": [\n {\n "type": "dns",\n "value": ".website.nl"\n }\n ]\n}'
2024-04-18 21:02:14,289:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order: { "protected": "", "signature": "", "payload": "" }
2024-04-18 21:02:14,613:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 341
2024-04-18 21:02:14,614:DEBUG:acme.client:Received response: HTTP 201 Server: nginx Date: Thu, 18 Apr 2024 21:02:14 GMT Content-Type: application/json Content-Length: 341 Connection: keep-alive Boulder-Requester: 113867616 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Location: https://acme-v02.api.letsencrypt.org/acme/order/ Replay-Nonce: Y89UXNyaeHtNDdgR8Zc1dRY8gED8axjHUmMpKW1BMnSD79nD7wI X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "status": "pending", "expires": "2024-04-25T21:02:14Z", "identifiers": [ { "type": "dns", "value": ".website.nl" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/" }
2024-04-18 21:02:14,614:DEBUG:acme.client:Storing nonce: Y89UXNyaeHtNDdgR8Zc1dRY8gED8axjHUmMpKW1BMnSD79nD7wI
2024-04-18 21:02:14,614:DEBUG:acme.client:JWS payload: b''
2024-04-18 21:02:14,617:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/: { "protected": "", "signature": "", "payload": "" }
2024-04-18 21:02:14,776:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/ HTTP/1.1" 200 388
2024-04-18 21:02:14,776:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 18 Apr 2024 21:02:14 GMT Content-Type: application/json Content-Length: 388 Connection: keep-alive Boulder-Requester: 113867616 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: FUnC6kMpzkXJl7wO0pvulDAYAIkFvszesCA1Abblz67F-VF8n94 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "website.nl" }, "status": "pending", "expires": "2024-04-25T21:02:14Z", "challenges": [ { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3//", "token": "" } ], "wildcard": true }
2024-04-18 21:02:14,776:DEBUG:acme.client:Storing nonce: FUnC6kMpzkXJl7wO0pvulDAYAIkFvszesCA1Abblz67F-VF8n94
2024-04-18 21:02:14,777:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-04-18 21:02:14,777:INFO:certbot._internal.auth_handler:dns-01 challenge for website.nl
2024-04-18 21:02:15,173:DEBUG:certbot_dns_directadmin.dns_directadmin:Record Domain: _acme-challenge.website.nl
2024-04-18 21:02:15,174:DEBUG:certbot_dns_directadmin.dns_directadmin:Subdomain: _acme-challenge
2024-04-18 21:02:15,174:DEBUG:certbot_dns_directadmin.dns_directadmin:Domain: website.nl
2024-04-18 21:02:22,424:DEBUG:certbot_dns_directadmin.dns_directadmin:{'error': '0', 'message': 'Record toegevoegd'}
2024-04-18 21:02:22,424:INFO:certbot_dns_directadmin.dns_directadmin:Successfully added TXT record for _acme-challenge.website.nl
2024-04-18 21:02:22,424:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 60 seconds for DNS changes to propagate
2024-04-18 21:03:22,425:DEBUG:acme.client:JWS payload: b'{}'
2024-04-18 21:03:22,428:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3//: { "protected": "", "signature": "", "payload": "e30" }
2024-04-18 21:03:22,605:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3//HTTP/1.1" 200 186
2024-04-18 21:03:22,606:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 18 Apr 2024 21:03:22 GMT Content-Type: application/json Content-Length: 186 Connection: keep-alive Boulder-Requester: 113867616 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/>;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3// Replay-Nonce: Y89UXNyamjbV4w4lm5tAafZSD7n3wESszQClc71lhiI1fwTEbYQ X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3//", "token": "" }
2024-04-18 21:03:22,606:DEBUG:acme.client:Storing nonce: Y89UXNyamjbV4w4lm5tAafZSD7n3wESszQClc71lhiI1fwTEbYQ
2024-04-18 21:03:22,607:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-04-18 21:03:23,607:DEBUG:acme.client:JWS payload: b''
2024-04-18 21:03:23,611:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/: { "protected": "", "signature": "", "payload": "" }
2024-04-18 21:03:23,767:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/ HTTP/1.1" 200 683
2024-04-18 21:03:23,768:DEBUG:acme.client:Received response: HTTP 200 Server: nginx Date: Thu, 18 Apr 2024 21:03:23 GMT Content-Type: application/json Content-Length: 683 Connection: keep-alive Boulder-Requester: 113867616 Cache-Control: public, max-age=0, no-cache Link: https://acme-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: FUnC6kMpHX49EszZJ1e9KsOKNw5FWL4Uj6QJ5pwnV3keuqJKprA X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 { "identifier": { "type": "dns", "value": "website.nl" }, "status": "invalid", "expires": "2024-04-25T21:02:14Z", "challenges": [ { "type": "dns-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Incorrect TXT record \"xR9dGioZ22CdTpHBP-NoYleDK3lw61DC2e2zIsBXtto\" (and 724 more) found at _acme-challenge.website.nl", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3//", "token": "", "validated": "2024-04-18T21:03:22Z" } ], "wildcard": true }
2024-04-18 21:03:23,768:DEBUG:acme.client:Storing nonce: FUnC6kMpHX49EszZJ1e9KsOKNw5FWL4Uj6QJ5pwnV3keuqJKprA
2024-04-18 21:03:23,769:INFO:certbot._internal.auth_handler:Challenge failed for domain website.nl
2024-04-18 21:03:23,769:INFO:certbot._internal.auth_handler:dns-01 challenge for website.nl
2024-04-18 21:03:23,769:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: directadmin). The Certificate Authority reported these problems:
  Domain: website.nl
  Type:   unauthorized
  Detail: Incorrect TXT record "xR9dGioZ22CdTpHBP-NoYleDK3lw61DC2e2zIsBXtto" (and 724 more) found at _acme-challenge.website.nl

Hint: The Certificate Authority failed to verify the DNS TXT records created by --directadmin. Ensure the above domains are hosted by this DNS provider, or try increasing --directadmin-propagation-seconds (currently 60 seconds).

2024-04-18 21:03:23,770:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-04-18 21:03:23,771:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-04-18 21:03:23,771:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-04-18 21:03:24,156:DEBUG:certbot_dns_directadmin.dns_directadmin:Record Domain: _acme-challenge.website.nl
2024-04-18 21:03:24,157:DEBUG:certbot_dns_directadmin.dns_directadmin:Subdomain: _acme-challenge
2024-04-18 21:03:24,157:DEBUG:certbot_dns_directadmin.dns_directadmin:Domain: website.nl
2024-04-18 21:03:33,402:DEBUG:certbot_dns_directadmin.dns_directadmin:{'error': '0', 'message': 'Records verwijderd'}
2024-04-18 21:03:33,402:INFO:certbot_dns_directadmin.dns_directadmin:Successfully removed TXT record for _acme-challenge.website.nl
2024-04-18 21:03:33,403:ERROR:certbot._internal.renewal:Failed to renew certificate npm-13 with error: Some challenges have failed.
2024-04-18 21:03:33,406:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1550, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-04-18 21:03:33,410:DEBUG:certbot._internal.display.obj:Notifying user:

2024-04-18 21:03:33,411:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2024-04-18 21:03:33,411:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/npm-13/fullchain.pem (failure)
2024-04-18 21:03:33,411:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-04-18 21:03:33,411:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1642, in renew
    renewed_domains, failed_domains = renewal.handle_renewal_request(config)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2024-04-18 21:03:33,413:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)

LargeTalons commented 3 months ago

I had this same issue. For whatever reason, after deleting and re-adding my port forwards for NPM, I was able to manually renew the scripts...but it seems NPM wasn't going to renew them on its own? I'm not sure now as I went ahead and manually renewed everything.

Scope666 commented 2 months ago

Also having this problem:

2024-05-02 09:12:51,194:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/345775467017:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU4NzUyMzY1NyIsICJub25jZSI6ICJZXzdBSVF1VVA3Qk9RTHJmSDlyWjZUSldvWGMwaW4xZ0pYc1ZlVm9XVGIyanhBNUFEZWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM0NTc3NTQ2NzAxNyJ9",
  "signature": "Ty2thtpIzJZ2zsWD9jPtH6hjKKCNGZ6ChgDTc5sMUfVg2Aos1UXQKr2fmqPHIA4LrQiFRJtnCaJwjm0S2Dg96deTnTWZ-cxHH7SXJVlHalc7ULjWHtININltC7z56x79F0OZ_QoIK1ZToujHtJXqqG2edD970IPwoQ9entU9yq9O05jv02YqXPECFvosiYMAvUt-RwYYcnvyOqzN-nJUguAWOGu2MUhPHtQgw-2tzUG_2uGS4FEhCFHxpZ9mVYBJ-iG6C09bNL0NKGnO56_HbAK7rOEhN-wRB3cY62rXkvOyt6dRj_8EFbkuS5SAQxQQdfCpEEOvTHDYQ0i4gkPbZg",
  "payload": ""
}
2024-05-02 09:12:51,272:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/345775467017 HTTP/1.1" 200 1622
2024-05-02 09:12:51,272:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 02 May 2024 13:12:51 GMT
Content-Type: application/json
Content-Length: 1622
Connection: keep-alive
Boulder-Requester: 1587523657
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: O0afatDIoVQUycPsUmZ0-4Xy_aMurgSzbBqqdJgeM7jOK-PtDH8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "scopexxxx.us.to"
  },
  "status": "invalid",
  "expires": "2024-05-09T13:12:37Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "During secondary validation: 73.160.xx.xxx: Fetching http://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/345775467017/OjYacA",
      "token": "5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8",
      "validationRecord": [
        {
          "url": "http://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8",
          "hostname": "scopexxxx.us.to",
          "port": "80",
          "addressesResolved": [
            "73.160.xx.xxx"
          ],
          "addressUsed": "73.160.xx.xxx",
          "resolverAddrs": [
            "A:10.1.12.81:31390",
            "AAAA:10.1.12.89:26534"
          ]
        },
        {
          "url": "https://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8",
          "hostname": "scopexxxx.us.to",
          "port": "443",
          "addressesResolved": [
            "73.160.xx.xxx"
          ],
          "addressUsed": "73.160.xx.xxx",
          "resolverAddrs": [
            "A:10.1.12.85:30182",
            "AAAA:10.1.12.89:26534"
          ]
        }
      ],
      "validated": "2024-05-02T13:12:37Z"
    }
  ]
}
2024-05-02 09:12:51,272:DEBUG:acme.client:Storing nonce: O0afatDIoVQUycPsUmZ0-4Xy_aMurgSzbBqqdJgeM7jOK-PtDH8
2024-05-02 09:12:51,272:INFO:certbot._internal.auth_handler:Challenge failed for domain scopexxxx.us.to
2024-05-02 09:12:51,272:INFO:certbot._internal.auth_handler:http-01 challenge for scopexxxx.us.to
2024-05-02 09:12:51,273:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: scopexxxx.us.to
  Type:   connection
  Detail: During secondary validation: 73.160.xx.xxx: Fetching http://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2024-05-02 09:12:51,273:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-05-02 09:12:51,273:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-05-02 09:12:51,273:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-05-02 09:12:51,273:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8
2024-05-02 09:12:51,273:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2024-05-02 09:12:51,274:ERROR:certbot._internal.renewal:Failed to renew certificate npm-4 with error: Some challenges have failed.
2024-05-02 09:12:51,275:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 540, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1550, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-05-02 09:12:51,276:DEBUG:certbot._internal.display.obj:Notifying user: 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-05-02 09:12:51,276:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2024-05-02 09:12:51,276:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/npm-4/fullchain.pem (failure)
2024-05-02 09:12:51,276:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-05-02 09:12:51,276:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1642, in renew
    renewed_domains, failed_domains = renewal.handle_renewal_request(config)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/renewal.py", line 568, in handle_renewal_request
    raise errors.Error(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2024-05-02 09:12:51,276:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)


YummyToadies commented 2 months ago

I tried removing and re-adding, but too bad. Now I updated my docker container to the latest version (V2.11.2), re-added the (wildcard) certificate with propagation set to 120 seconds (DNS challenge with DirectAdmin). During setup for a new certificate it will add 2 ACME challenge DNS records, and I had to delete the first generated. If I didn't it failed (invalid ACME challenge).

I have zero knowledge of this, but this is what worked for me, dunno why.

Scope666 commented 2 months ago

Ok, if it helps anybody else... I found the culprit for me at least. GEO BLOCKING in my router. I have Unifi gear and I block inbound based on country. Recent changes in the Let's Encrypt API have the checks coming in from non-US locations. I temp turned it off and was able to renew all 4 of my certs.
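A triage helper added for this thread (it is not part of nginx-proxy-manager or certbot) that reads the "The Certificate Authority reported these problems" block from both logs posted above and tells the two failure modes apart: the dns-01 case where Let's Encrypt found "Incorrect TXT record ... (and 724 more)" at _acme-challenge, and the http-01 case where the timeout happened "During secondary validation", which is what a country-based inbound block on the router looks like from the CA's side. The log excerpts are constructed from the posted logs; the `Diagnosis` class, the category names and the regexes are my own.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpts of the two certbot logs posted in this thread, kept in
# certbot's "The Certificate Authority reported these problems:" layout
# (domain, IP and token are the posters' already-redacted values).
DNS01_LOG = """\
Certbot failed to authenticate some domains (authenticator: directadmin). The Certificate Authority reported these problems:
  Domain: website.nl
  Type:   unauthorized
  Detail: Incorrect TXT record "xR9dGioZ22CdTpHBP-NoYleDK3lw61DC2e2zIsBXtto" (and 724 more) found at _acme-challenge.website.nl

Hint: The Certificate Authority failed to verify the DNS TXT records created by --directadmin.
"""

HTTP01_LOG = """\
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: scopexxxx.us.to
  Type:   connection
  Detail: During secondary validation: 73.160.xx.xxx: Fetching http://scopexxxx.us.to/.well-known/acme-challenge/5qB8bq97izOw1_69iyQtN3SGR9ERT9okSRHCyLq2O-8: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot.
"""

# One "Domain / Type / Detail" triple per failed identifier; \s+ also copes
# with a log that was flattened onto a single line (as in the first post).
PROBLEM_RE = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+Detail:\s*(?P<detail>[^\n]+)"
)
# Boulder's wording when it sees TXT records other than the one it expected.
STALE_TXT_RE = re.compile(
    r'Incorrect TXT record "[^"]*"(?: \(and (?P<more>\d+) more\))? found at (?P<name>\S+)'
)


@dataclass
class Diagnosis:
    domain: str
    category: str
    action: str
    wrong_txt_records: int = 0          # dns-01 only: TXT records the CA saw but did not expect
    secondary_validation: bool = False  # http-01: failed at one of the CA's remote vantage points


def parse_ca_problems(log_text: str) -> List[dict]:
    """Extract every CA-reported problem (domain, type, detail) from a certbot log excerpt."""
    return [m.groupdict() for m in PROBLEM_RE.finditer(log_text)]


def diagnose(problem: dict) -> Diagnosis:
    """Map one CA problem to a category and the check an operator should run first."""
    domain, ptype, detail = problem["domain"], problem["type"], problem["detail"]
    if ptype == "unauthorized":
        m = STALE_TXT_RE.search(detail)
        if m:
            seen = 1 + int(m.group("more") or 0)  # the quoted record plus "and N more"
            return Diagnosis(
                domain, "stale-acme-txt",
                f"{seen} unexpected TXT record(s) at {m.group('name')}: challenge records "
                "from earlier runs are still published; delete them, then retry with a "
                "longer propagation wait",
                wrong_txt_records=seen,
            )
        return Diagnosis(domain, "unauthorized", detail)
    if ptype == "connection":
        if detail.startswith("During secondary validation"):
            return Diagnosis(
                domain, "blocked-from-remote-vantage",
                "the CA's primary perspective reached port 80 but a remote one timed out: "
                "review country/geo-IP or source-based inbound rules in front of NPM",
                secondary_validation=True,
            )
        return Diagnosis(
            domain, "port-unreachable",
            "no CA perspective could connect on port 80: check the port forward to NPM",
        )
    return Diagnosis(domain, "other", detail)


def triage(log_text: str) -> List[Diagnosis]:
    return [diagnose(p) for p in parse_ca_problems(log_text)]


if __name__ == "__main__":
    for log in (DNS01_LOG, HTTP01_LOG):
        for d in triage(log):
            print(f"{d.domain}: {d.category} -> {d.action}")
```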