On a Ubuntu 18.04 bionic system I suddenly started getting errors with certbot for one domain while certificates for other domains on the same system were renewing without errors. Performing a –dry-run would result in various error messages, such as:
DNS problem: SERVFAIL looking up CAA for …
Remote PerformValidation RPC failed
Unfortunately, an error on the ACME server prevented you from completing authorization. Please try again later.
Running certbot renew with the additional flag –debug-challenges and inspecting the letsencrypt.log revealed the following:
Invalid Content-Type header on POST. Content-Type must be “application/jose+json”
The solution was to simply update certbot on the system
sudo apt-get update sudo apt-get upgrade