How to fix Let's Encrypt certificate failed

Start here

First, verify DNS, ports, and domain routing before retrying. Then check the most recent deployment logs and confirm whether the app failed during build, startup, health check, or routing.

Step-by-step checks

Work from the app outward: source code, build output, runtime command, env vars, container health, router, DNS, then external services.

• Read the latest logs
• Confirm the app listens on the expected port
• Verify required environment variables
• Check database or service containers
• Retry after fixing one variable at a time

Prevent it next time

Keep build scripts explicit, document env vars, set backups for stateful apps, and verify a staging deployment before switching a production domain.

How this connects to the Better-PaaS workflow

This page is part of a broader deployment workflow: install the control plane, connect a Git repository or choose a catalog image, configure environment variables, deploy the container, inspect logs, attach a custom domain, and add backups for stateful data. That sequence matters because most hosting decisions are not isolated. A platform choice affects how you debug failed builds, rotate secrets, recover from bad deploys, and keep apps running after the first launch.

Practical next step

If you are using this page to make a decision, turn it into a small test. Deploy one non-critical app, add a temporary domain, force one redeploy, read the logs, and confirm you understand where data is stored. A short trial reveals more than a feature checklist because it tests the full path from source or image to a live HTTPS endpoint.

How to isolate the layer

For fix Let's Encrypt certificate failed, separate the problem into layers. If the build never finishes, inspect repository and dependency output. If the container starts but traffic fails, inspect port binding, health checks, and Caddy routing. If the app works locally but not on the public domain, inspect DNS, HTTPS, and environment-specific URLs.

• Build layer: dependencies, lockfiles, build scripts, framework detection.
• Runtime layer: start command, port, env vars, file permissions.
• Network layer: container port, health check, reverse proxy, DNS.
• State layer: database connection, volume path, migrations, secrets.

Evidence to collect before changing settings

Before editing multiple settings, capture the current failure evidence. Read the latest deployment log, note the exact error, confirm whether the old deployment still works, and identify the last change. This makes the fix faster and prevents accidental regressions.

Escalation path

If the issue persists, try a minimal test app on the same server. If the test app deploys, the problem is likely app-specific. If the test app fails too, inspect server resources, Docker state, Caddy routing, firewall rules, and dashboard API reachability.

What a good fix looks like

A good fix should be narrow and repeatable. Change one cause, redeploy once, and compare the new log output with the old log output. If the problem involves credentials, rotate only the affected secret. If it involves storage, verify the volume path before deleting or recreating containers. If it involves DNS or HTTPS, wait for DNS propagation and confirm the server can receive traffic on ports 80 and 443.