Hi,
froxlor v2.0.13-1 (on Unbut 20.04 LTS) - basically all is well, yet if acme.sh updates the LE certs via its own root-owned cronjob in the middle of the night, the froxlor cronjob somhow doesn't find those certs to be new - until - we look into each domain that suffers from this problem and see LE is deactived for this domain.

We're quite sure neither us nor the user did this, I guess it's probably some domain test by froxlor gone bad, but if there was a problem we didn't get notified nor anyone else gets notified except for the LE certs silently expiring.

Could there be another way to handle such cases, ie to recover from a temporarly failure?

if you activate Let's Encrypt and the cronjob fails to obtain a certificate due to errors (most likely domain does not resolv to server ip or the alias to /.well-known/acme-challenge/ does not work) froxlor deactivates let's encrypt for the domain to avoid running into rateLimits and being blocked

As we cannot know whether it's an "temporary" failure or not, this is currently the safest way not to get into any rateLimit. I agree, there should be some kind of information towards the admin if this happens