While trying to add a subdomain to my main TLS certificate I constantly received a timeout error from certbot. I never had problems like this before and had no idea what was happening. It seemed to be only one specific subdomain, but when I tried to access it with a normal web browser everything worked like always.
I did not find a solution and forgot the problem for some time, because everything was still working.
But now the time came when the certificate would expire. I tried a manual certbot renew but still got the timeout.
Now I had the great idea to test the subdomain with curl and see whether I would get a proper response. The result: no, timeout.
But: curl showed me the redirects. And there was a redirect to an IPv6
The Problem: Some time ago I added an AAAA DNS entry for this subdomain, but forgot to add it in nginx too. Apparently Let's Encrypt started to prefer IPv6 at some point, and I missed it. But after removing the AAAA entry from DNS, the renewal finished with no errors and I can keep using the great HTTPS certificates for free.
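A check for the mismatch described above, as an added example that is not part of the original post: it probes every A and AAAA address published for a host, so an IPv6 address that nothing listens on shows up even when a browser silently falls back to IPv4. Port 80 (used by HTTP-01 validation) and the host name `sub.example.org` are assumptions.

```python
import socket

FAMILY_NAMES = {socket.AF_INET: "IPv4 (A)", socket.AF_INET6: "IPv6 (AAAA)"}


def resolve(host, port):
    """Return sorted unique (family, address) pairs published for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({(fam, sockaddr[0]) for fam, _, _, _, sockaddr in infos
                   if fam in FAMILY_NAMES})


def tcp_probe(family, address, port, timeout=5.0):
    """Try a TCP connect; return None on success or the error text on failure."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((address, port))
        return None
    except OSError as exc:  # includes timeouts and "connection refused"
        return str(exc) or type(exc).__name__


def check_host(host, port=80, resolver=resolve, probe=tcp_probe):
    """Probe each published address separately instead of letting the
    client fall back to whichever address family happens to work."""
    results = []
    for family, address in resolver(host, port):
        error = probe(family, address, port)
        results.append({"family": FAMILY_NAMES[family], "address": address,
                        "reachable": error is None, "error": error})
    return results


def unreachable(results):
    """Addresses that are in DNS but that a validation server could not reach."""
    return [r for r in results if not r["reachable"]]


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "sub.example.org"  # placeholder
    for r in check_host(host):
        status = "ok" if r["reachable"] else f"FAIL ({r['error']})"
        print(f"{r['family']:12} {r['address']:40} {status}")
```

Any `FAIL` line for an AAAA address means either the web server needs an IPv6 listener or the record should be removed from DNS.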
PS: If you enjoy free certificates like I do, consider a Donation. By next year there will even be wildcard certificates.