Trouble Re-provisioning Live Production Server - non-zero return code during Letsencrypt task

Hmmm … the security groups on my server are the default and all domains are pinging the proper IP address. Spelling of canonical domains has been triple-checked. Also the multisite is live now and has been up and working without interruption since first build, just cannot get letsencrypt tasks to pass now - without even changing any of the domains currently on the cert. Also should mention HSTS is enabled, but I thought that was no longer an issue in re-provisioning using letsencrypt.

What is the method of connection to the server to trigger the challenge? I don’t have a firewall in place. I will say it is a private networked instance with an attached public floating IP, which is what we use for every domain in the multisite. I’ve considered that something about this could be the issue and I’m asking my host to check the router and networking settings.

This is only since moving this multisite installation to an Ubuntu 18 server. It worked when I successfully followed some ideas from this thread, built the Ubuntu 18 server, attached the floating IP, provisioned and deployed on Dec. 28, 2018. I’m aware there have been some changes to Trellis since then. I have updated to the latest Trellis. I wondered if this was Python related, but I made sure the server has both Python 3.6.7 and Python 2.7.15rc1. I tried using a slightly older commit of renew-certs.py but still got the same error.

Just don’t understand how it is working - I can deploy to it, which I have as recently as last night, but I need to be able to reprovision to domain map and add new sites to the network. I tried to start the process of building a new server from scratch, faking DNS and starting with SSL: disabled but I continue to encounter privilege escalation timeouts, so perhaps something is amiss with my host provider.

Anyway, any ideas are welcome. I will keep this thread updated if I learn anything elsewhere…