Unable to automatically renew LetsEncrypt Certificate

Hi there,

I'm running TeamCity server 2025.11 on Windows Server in Azure, over HTTPS (port 443). Originally I set up HTTPS using the automatic LetsEncrypt process, and the certificate is due for renewal in a few days. I don't think there's anything funky about our setup (no proxies, or anything like that).

I've opened up port 80 inbound from all sources on the Azure network security group, and pressed “Renew” on the HTTPS settings page. The renewal fails with the following written to the log:

[2025-12-10 09:18:22,903]   INFO - er.https.HttpsConfiguratorImpl - Fetching certificate from Let's Encrypt in automatic mode
[2025-12-10 09:18:24,205]   INFO - er.https.HttpsConfiguratorImpl - Attempting to complete Let's Encrypt challenge without socket: port in server root URL is 80 or not specified
[2025-12-10 09:18:24,998]   INFO - sl.acme.LetsEncryptAcmeService - Domains for challenge: dns=<server_url>
[2025-12-10 09:18:24,998]   INFO - sl.acme.LetsEncryptAcmeService - Authorizing domain dns=<server_url>
[2025-12-10 09:18:35,846]   INFO - er.https.HttpsConfiguratorImpl - Could not fetch certificate from Let's Encrypt: The result of ACME challenge differs from valid: INVALID. Possibly, port 80 is unavailable or TeamCity server is launched inside container. Will try to initialize a new challenge for manual fetching: jetbrains.buildServer.serverSide.impl.ssl.acme.AcmeServiceException: The result of ACME challenge differs from valid: INVALID. Possibly, port 80 is unavailable or TeamCity server is launched inside container (enable debug to see stacktrace)
[2025-12-10 09:18:43,732]   INFO - er.https.HttpsConfiguratorImpl - ACME challenge cancelled

Any idea what might be wrong?

Thanks,

Rob.
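A reachability check for the failure in the post, added here as an example and not code from TeamCity or the poster: it asks the same question the Let's Encrypt validator asks, "can I open port 80 on this name and fetch something under /.well-known/acme-challenge/?", so that a renewal can be diagnosed before pressing Renew. The probe path and the "renewal-probe" token are constructed; TeamCity answers 404 for an unknown token, which still proves the request reached the web server, whereas a timeout or refusal points at the NSG, Windows Firewall or a missing port-80 listener. The stub server is only a stand-in for the TeamCity listener so the script can be exercised offline.

```python
import http.client
import socket
import sys
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed probe token: TeamCity answers 404 for it, which still proves the
# request reached the web server instead of being dropped by an NSG/firewall.
ACME_PATH = "/.well-known/acme-challenge/renewal-probe"


def resolve_addresses(host):
    """Addresses the name resolves to; an empty set means it does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, 80, type=socket.SOCK_STREAM)}
    except socket.gaierror:
        return set()


def probe_http01(host, port=80, timeout=5.0):
    """Classify what the ACME validator sees when it fetches the challenge URL."""
    if not resolve_addresses(host):
        return "dns-failure"      # name does not resolve at all
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", ACME_PATH)
        conn.getresponse().read()
        return "reachable"        # any HTTP status: the request got to the web server
    except ConnectionRefusedError:
        return "refused"          # TCP RST: nothing listening, or host firewall rejects
    except (socket.timeout, TimeoutError):
        return "timeout"          # no SYN/ACK: NSG/firewall drops, or DNS -> wrong IP
    except OSError:
        return "unreachable"      # no route, host down, etc.
    finally:
        conn.close()


def local_stub_server():
    """Offline stand-in for the TeamCity listener: a 404-only server on a free port."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_error(404)

        def log_message(self, *args):  # silence per-request console noise
            pass
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]


if __name__ == "__main__":  # usage: python acme_probe.py <server_url>
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(target, sorted(resolve_addresses(target)) or "NO DNS", "->", probe_http01(target))
```

Run it from a machine outside the Azure VNet, since a check from the VM itself never traverses the NSG; "refused" means port 80 is open on the network path but nothing on the server is listening on it, while "timeout" means the packets never arrived.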


After struggling with this for ages, I gave up and used win-acme to get the key from LetsEncrypt. For some reason that was able to respond to LE fine on port 80 where TeamCity's automatic process failed. 


Weirdly, while web browsers are happy with the new certificate, I had to manually add it to the TrustedCerts folder for each of the agents before they'd connect. If anyone knows how to avoid that in future please let me know! (Just adding it to the root project's SSL setting didn't help.)
