It’s attempting to renew the cert, and verification apparently times out. This has been happening for several days. Here’s /shared/letsencrypt/acme.sh.log; I’m replacing encrypted material strings with “IBO*” and “mz2*”; and changing “https” to “hs” and “http” to “hp” so that I don’t overflow the new-user link limit.
[Tue Jul 4 07:38:05 UTC 2017] url='hs://acme-v01.api.letsencrypt.org/acme/challenge/IBO*'
[Tue Jul 4 07:38:05 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "mz2*"}'
[Tue Jul 4 07:38:05 UTC 2017] POST
[Tue Jul 4 07:38:05 UTC 2017] url='hs://acme-v01.api.letsencrypt.org/acme/challenge/lBO*'
[Tue Jul 4 07:38:05 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Jul 4 07:38:06 UTC 2017] _ret='0'
[Tue Jul 4 07:38:06 UTC 2017] code='202'
[Tue Jul 4 07:38:06 UTC 2017] sleep 2 secs to verify
[Tue Jul 4 07:38:08 UTC 2017] checking
[Tue Jul 4 07:38:08 UTC 2017] GET
[Tue Jul 4 07:38:08 UTC 2017] url='hs://acme-v01.api.letsencrypt.org/acme/challenge/lBO*'
[Tue Jul 4 07:38:08 UTC 2017] timeout
then three instances of
[Tue Jul 4 07:38:06 UTC 2017] sleep 2 secs to verify
[Tue Jul 4 07:38:08 UTC 2017] checking
[Tue Jul 4 07:38:08 UTC 2017] GET
[Tue Jul 4 07:38:08 UTC 2017] url='hs://acme-v01.api.letsencrypt.org/acme/challenge/lBO*'
[Tue Jul 4 07:38:08 UTC 2017] timeout
[Tue Jul 4 07:38:08 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Jul 4 07:38:08 UTC 2017] ret='0'
[Tue Jul 4 07:38:08 UTC 2017] Pending
and finally
[Tue Jul 4 07:38:13 UTC 2017] discussion.ambridgereporter.org.uk:Verify error:Fetching hp://discussion.ambridgereporter.org.uk/.well-known/acme-challenge/mz2*: Timeout
Oddly, the cert/key files are timestamped to match this, but they contain the old cert/key.
More information on request. This is my own server, and the Discourse nginx instance is exposed directly.