# SSL Certificates Failied to Renew

The most likely cause is something preventing Let's Encrypt from requesting the acme challenge validation url on the website - such as an external proxy (Like Cloudflare) or inconsistent DNS, for instance an AAAA record which points to a server other than your own.

To see the logs of ssl failures, run the following on the server which the website application role is hosted (If it's an email SSL, ensure you are running it on the server where the Email role is hosted.):

journalctl -u appcd