I’ve just found that my sites fail to renew their LE certificate if there is are ip6/AAAA entries for the sites in DNS.
I spent a long time diagnosing, and when I deleted the AAAA records for both the ‘www’ and the non-www domain, the renewal flew through with no problems.
I then tried the second failing site, and confirmed the cause of the problem was the AAAA records.
I did not further diagnose to see if both records needed to be removed, or if only one was the issue.
Has anyone else experienced this?