Lets encrypt and subdomains

ecomlabs

Hi everyone!
I'd like to know if your subdomain certificates are being renewed automatically.
I had to manually renew one today. Are you experiencing this issue, or is it just me?

Thanks

slimx

You know what, I had 2 SITES now in the last week where the mail. subdomain SSL did not renew. Despite working for 2 years just fine, it just decided to fail. Turns out somehow the mail. AAAA record was blocking it.

Adam

slimx Turns out somehow the mail. AAAA record was blocking it.

Let's Encrypt always prefer the AAAA record. If that record points to an IP that isn't bound to the server then that would cause a renewal failure.

Another potential cause of automatic renewal failure is where the server can't reach the domain via the IP published in DNS - firewall problems, hairpin NAT unavailable, etc. A manual renewal bypasses that check.