Console activity renewing TLS certificates
for production environment where custom domain is added can fail with an error Couldn't complete challenge [HTTP01: The client lacks sufficient authorization]
. This happens when domain associated to your project does not point to the Platform.sh IP address, so system cannot complete the challenge and renew certificate.
Check the IP associated to your domain points to Platform.sh IPs. If it's not pointing to a Platform IP, when trying to renew the certificates, activity will give the error Couldn't complete challenge [HTTP01: The client lacks sufficient authorization]
.
As many DNS providers do not support pointing an apex record to another DNS record, some workarounds for apex domains are documented here.