Let's Encrypt certificate does not renew automatically, but rebuilding triggers the renewal

I looked at other similar topics, but couldn’t find the reason. I might have missed some info.

Automatic renewal of the SSL certificate has been failing for months on one of my forums. From acme.sh.log:

[Thu Sep 18 00:32:58 UTC 2025] error='"error":{"type":"urn:ietf:params:acme:error:connection","detail":"2a01:4f8:c17:6ebb::: Fetching https://forum.tevives.fr: Timeout during connect (likely firewall problem)","status": 400'
[Thu Sep 18 00:32:59 UTC 2025] response='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'

Rebuilding the app properly renews the certificate.

This is a standard install, no fancy stuff, no CDN, no reverse proxy, etc.

The firewall is set as:

Any idea why this issue happens, and how to fix it?

EDIT: TL;DR: I don’t know.

When was your last rebuild? Oh, but this has been going on for a while.

There was something recently about the http port being redirected for .well-known paths, but yours is https. It doesn’t make much sense that it’d be timing out unless the acme process that’s supposed to be listening isn’t for some reason.

I rebuilt yesterday since the certificate wasn’t renewed the day before. It also failed on June 20th and I had to rebuild as well.

The other thing you can do next time is try running it by hand in the container to see if you can get some other idea then.