The ACME service (directory) is unavailable but all tests pass

I’ve moved my server to a new hosting environment, and since then no certs can be renewed.
Renewal intervals set to 14 days for 20 sites.
Certify.exe is latest version.
Windows headless Server 2016 for IIS.

The log shows this error: [ERR] The ACME service (directory) is unavailable.

From a test machine within that same environment these can be successfully accessed:

https://acme-v02.api.letsencrypt.org/
https://acme-v02.api.letsencrypt.org/directory
https://[my.domaine.com]/.well-known/acme-challenge/configcheck

Running the test from within the UI passes, but with a warning message on this step: “CheckDNS ‘my.domain.com’ failed to parse or resolve CAA”

Creating a brand new cert also fails with the same message.

The hosting tech says he cannot see what is wrong, since the above 3 URLs work.

When you moved server, did you copy some settings across for Certify or did you start with a new configuration?

You mentioned you checked those URLs from a test machine, but did you check them from the same machine, e.g. using PowerShell etc.? A common fault is that Windows Firewall is blocking outgoing https.

The CheckDNS test is normally not enabled; you can disable DNS checks under Settings if you don’t need them.

Server Core (e.g. headless Windows) is not a product we officially support, but in general it should work.

I also see your support ticket via email, we can discuss further there.
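
The check suggested above, run from the affected server itself rather than a neighbouring test machine, as an added example that is not part of the original posts or of Certify. It assumes Windows PowerShell 5.1 with the built-in networking cmdlets; the directory URL is the one quoted in the first post.

```powershell
# Added example: run on the server that performs the renewals.
$directoryUrl = 'https://acme-v02.api.letsencrypt.org/directory'  # URL from the post
$acmeHost     = ([Uri]$directoryUrl).Host

# 1. DNS: does this machine resolve the ACME host at all?
try {
    $addresses = [System.Net.Dns]::GetHostAddresses($acmeHost)
    "DNS  OK   $acmeHost -> $($addresses -join ', ')"
} catch {
    "DNS  FAIL $acmeHost : $($_.Exception.Message)"
}

# 2. TCP: is outgoing 443 permitted from this machine?
$tcp = Test-NetConnection -ComputerName $acmeHost -Port 443 -WarningAction SilentlyContinue
if ($tcp.TcpTestSucceeded) {
    "TCP  OK   $($tcp.RemoteAddress):443"
} else {
    "TCP  FAIL outbound 443 to $acmeHost is blocked or unreachable"
}

# 3. HTTPS: can this machine complete TLS and read the directory JSON?
# TLS 1.2 is forced so the result reflects reachability, not the session's
# default protocol settings.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
try {
    $dir = Invoke-RestMethod -Uri $directoryUrl -UseBasicParsing -TimeoutSec 20
    # An ACME v2 (RFC 8555) directory lists these endpoints.
    $missing = 'newNonce', 'newAccount', 'newOrder' | Where-Object { -not $dir.$_ }
    if ($missing) {
        "HTTP FAIL directory returned but lacks: $($missing -join ', ')"
    } else {
        "HTTP OK   newOrder = $($dir.newOrder)"
    }
} catch {
    "HTTP FAIL $($_.Exception.Message)"
}

# 4. Windows Firewall: a profile with DefaultOutboundAction = Block needs an
#    explicit allow rule for outgoing https.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
```

A failure at step 2 with step 1 passing points at a firewall (local or upstream); a failure only at step 3 points at TLS, proxy or inspection between the server and the ACME endpoint.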

The web servers involved are VMs on a blade. The blade was physically moved from one place to another, with new public IPs for the webservers. DNS was updated, sites have been running since start Oct in new hosting environment and new public IP addresses. I only noticed the emails for renewal failure yesterday.

See also my reply on the Let’s Encrypt community forum: The ACME service (directory) is unavailable - #8 by webprofusion - Help - Let's Encrypt Community Support

Happy to discuss the solutions here or on the support ticket but I’d suggest we just discuss it in the support ticket so you can provide logs etc.