My site used to work with HTTPS, but now it shows “certificate expired”.

[orey-aajaamu]

I have a website hosted on a VPS, deployed using Dokploy (Traefik handles HTTPS via Let’s Encrypt).
Everything worked fine for about 3 months, but starting yesterday it shows:
"Your connection is not private – certificate expired"
Isn't it supposed to auto renew?

Below is my setup:
Dokploy server ip is private - using VPN. I am using custom dns resolution and it is working fine.

[djsisson]

are you using a dns challenge for certificates? the standard http challenge from lets encrypt only works with direct access to port 80

[orey-aajaamu]

Thanks @djsisson ! Your hint about the challenge type helped me investigate further.

[orey-aajaamu]

My Setup / Problem

1. The VPS is completely private - no public ports exposed (including port 80).
2. I was using Let’s Encrypt HTTP challenge by default.
3. Since HTTP challenge requires public port 80, the certificate renewals failed silently.

Solution: Switched to DNS Challenge

Since Traefik supports DNS challenge via LEGO, I did the following:

1.Checked LEGO DNS provider support
Docs:
https://go-acme.github.io/lego/dns/

My DNS provider Porkbun is supported.

2.Added API key and secret to Traefik environment

Dokploy → Webserver → Traefik → Modify Environments

3.Updated traefik.yaml to use DNS challenge

Traefik File System → traefik.yaml

4.Updated domain config to use custom certificate provider and used letsencrypt-dns as defined above: