Letsencrypt fails to renew certificates

I am getting this:

time="2024-01-23T04:13:40Z" level=error msg="Error renewing certificate from LE: {mydomain.com }" providerName=certresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" error="error: one or more domains had a problem:\n[nydomain.com] acme: error: 400 :: urn:ietf:params:acme:error:tls :: xx.xx.xx.xx: remote error: tls: unrecognized name\n"

Traefik 2.9.3 runs in a container on a Docker swarm and worked fine for a year. Inside the container it looks good:

nslookup acme-v02.api.letsencrypt.org

Server: 127.0.0.11
Address: 127.0.0.11:53

Non-authoritative answer:
acme-v02.api.letsencrypt.org canonical name = prod.api.letsencrypt.org
prod.api.letsencrypt.org canonical name = ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
Name: ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
Address: 172.65.32.248

Non-authoritative answer:
acme-v02.api.letsencrypt.org canonical name = prod.api.letsencrypt.org
prod.api.letsencrypt.org canonical name = ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
Name: ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
Address: 2606:4700:60:0:f53d:5624:85c7:3a2c

/ # nslookup mydomain.com
Server: 127.0.0.11
Address: 127.0.0.11:53

Non-authoritative answer:

Non-authoritative answer:
Name: mydomain.com
Address: xx.xx.xx.xx

Any ideas how to fix this?

Start by updating Traefik to the latest version. Why use an outdated version from October 2022? Maybe an LE API has changed.

Thank you for your comment. I already tried the latest Traefik; it did not help, the same error.
nslookup resolves the Let's Encrypt server and my domain names, and I can ping all of them.

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

The static config is empty, so everything is default?

All this worked fine with Traefik 2.9.3 since the last certificate update a year ago; the certificates expired recently.

If this is important: this runs on a Raspberry Pi 4.

Some ideas:

  1. Set log level to debug
  2. Enable constraint node.role == manager, too

There seem to be some mounted things, maybe from a NAS. Is the connection stable and are all files really available within Docker? If not, restart the container.

This is the log that precedes the failure. It was always there on startup; I did not manage to fix this:

time="2024-01-23T04:13:02Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=ep-http
time="2024-01-23T04:13:02Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=ep-https
time="2024-01-23T04:13:02Z" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=ep-https
time="2024-01-23T04:13:02Z" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=ep-http

Static config is in command.

That sometimes happens, but usually when the old container is shut down.

The command section of docker compose?

I was physically moving the equipment and probably disconnected some cables; power was on.
Maybe, not sure, there was an uncontrolled power down.
I can't say that for sure.

I switched to latest after that, so it should be a new container.

Does it make sense to clean the logs, maybe re-create the Docker volumes?

Let's Encrypt certs usually only last for 3 months. Did you use a paid TLS cert before?

It's an NFS volume on the same host, not a NAS, just a shared NFS volume.

node.hostname is hardwired to the same host. There are multiple managers in the Docker swarm; Traefik should run on this host because of the NAT config on the internet provider's router.

I never used a paid one, it's the free one.

You can have multiple constraints; Traefik must run on a manager.

Restart the Traefik container and check the logs again. Check if some or all TLS fail, and check the acme.json file.

Looking at the debug logs, there is a lot; I need a few minutes.

time="2024-01-23T04:02:37Z" level=error msg="Unable to obtain ACME certificate for domains "foo.mydomain.com": unable to generate a certificate for the domains [foo.mydomain.com]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt" routerName=r-foo@file rule="Host(foo.mydomain.com)" providerName=certresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
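The two kinds of ACME failure seen in this thread (a 400 `tls` validation error and a 429 `rateLimited` error) can be separated mechanically when the debug log is long. The following is an added example, not part of the thread or of Traefik; the sample lines are constructed in the thread's log format with placeholder names (`example.com`, `203.0.113.10`), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# "[domain] acme: error: <status> :: [METHOD :: URL ::] urn:ietf:params:acme:error:<type>"
ACME_RE = re.compile(
    r'\[(?P<domain>[^\]\s]+)\]:?\s*acme: error: (?P<status>\d{3}) :: '
    r'(?:[A-Z]+ :: \S+ :: )?urn:ietf:params:acme:error:(?P<type>[A-Za-z]+)'
)
TIME_RE = re.compile(r'time="([^"]+)"')

# Constructed sample lines in the thread's log format (placeholder names and IP).
SAMPLE_LINES = [
    r'time="2024-01-23T04:02:37Z" level=error msg="Unable to obtain ACME certificate for domains \"foo.example.com\": unable to generate a certificate for the domains [foo.example.com]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently" providerName=certresolver.acme',
    r'time="2024-01-23T04:13:02Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=ep-http',
    r'time="2024-01-23T04:13:40Z" level=error msg="Error renewing certificate from LE: {example.com }" providerName=certresolver.acme error="error: one or more domains had a problem:\n[example.com] acme: error: 400 :: urn:ietf:params:acme:error:tls :: 203.0.113.10: remote error: tls: unrecognized name\n"',
]

def parse_acme_errors(lines):
    """Return one dict per log line that carries an ACME problem type."""
    events = []
    for line in lines:
        m = ACME_RE.search(line)
        if m is None:
            continue  # e.g. entrypoint accept/close errors, not ACME related
        t = TIME_RE.search(line)
        events.append({"time": t.group(1) if t else None,
                       "domain": m["domain"],
                       "status": int(m["status"]),
                       "type": m["type"]})
    return events

def triage(events):
    """Split domains into validation failures and rate limiting.

    rateLimited is reported separately: the 429 text in the thread says it
    comes from failed authorizations, so the other problem types come first.
    """
    by_type = defaultdict(set)
    for e in events:
        by_type[e["type"]].add(e["domain"])
    limited = sorted(by_type.pop("rateLimited", set()))
    return {"fix_first": {k: sorted(v) for k, v in by_type.items()},
            "rate_limited": limited}

if __name__ == "__main__":
    print(triage(parse_acme_errors(SAMPLE_LINES)))
```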