Alternating between two IP addresses in regular intervals

I am running nginx on Debian for which I have successfully created a certificate. I believe the sequence of commands was:

apt-get update
sudo apt install -y certbot
sudo apt install -y python3-certbot-nginx
sudo certbot --nginx -d xyz.domain.tld

Now, I am confronted with a requirement where I need to alternate between two servers with different IP addresses: while server A is updated, server B serves the content in HTTPS. When server A is updated, the servers exchange their roles: B is updated and A serves the content in HTTPS.

The switch takes place in regular (approximately weekly) intervals, i.e. it is not a one-time operation.

My question is: can I simply run the same installation sequence on the second server or do I need to take something more into account (especially regarding the automatic renewal process)?

If that server is the only one seen in the DNS record, it'd work normally. If both server A and B are online, then you'll need to redirect requests to both toward the machine that requested the certificate.

2 Likes

Only one server's IP address is listed in the DNS A record at a given time.

So, during the renewal process, the https://xyz.domain.tld/.well-known/acme-challenge URL is not contacted anymore? (I believe this is the gist of my question)

The ideal solution would only have one server obtain the certificate, and then deploy it to the other server. This can happen via a certbot hook, by using network storage, or by using a server/client that supports synchronized cloud/local storage (several do).

The drawbacks to having both A and B obtain the certificate are a mix of hitting rate limits now, and forgetting about this server in the future and it spins up and makes phantom requests against your account (which can wedge it through rate limits) that can be very hard to pinpoint. This happens a lot more than you would think.

3 Likes
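A sketch of the first approach above (one server obtains the certificate and pushes it to the other from a certbot deploy hook), added here as an example and not code from the thread. Certbot really does export RENEWED_LINEAGE and RENEWED_DOMAINS to deploy hooks; the peer host, the destination directory and the remote user's right to reload nginx via sudo are assumptions.

```shell
#!/bin/sh
# Registered with: certbot ... --deploy-hook /usr/local/sbin/push-cert.sh
# Certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/xyz.domain.tld)
# and RENEWED_DOMAINS when it runs this after a successful renewal.

PEER_HOST="${PEER_HOST:-deploy@server-b.example}"      # assumed standby host
PEER_CERT_DIR="${PEER_CERT_DIR:-/etc/letsencrypt/live}" # assumed path on the peer

# Check that a lineage directory holds the two files nginx needs.
# Returns 0 when both are present and non-empty, 1 otherwise.
check_lineage() {
  dir="$1"
  for f in fullchain.pem privkey.pem; do
    [ -s "$dir/$f" ] || return 1
  done
  return 0
}

# Copy the lineage to the peer (following the live/ -> archive/ symlinks so
# real files land there), keep the key private (mode 600), then test and
# reload nginx on the peer. Returns non-zero if any step fails.
deploy_lineage() {
  dir="$1"; host="$2"; dest="$3"
  name=$(basename "$dir")
  check_lineage "$dir" || { echo "lineage $dir is incomplete" >&2; return 1; }
  rsync -aL --chmod=F600 "$dir/" "$host:$dest/$name/" || return 1
  ssh "$host" 'sudo nginx -t && sudo systemctl reload nginx'
}

# Only act when certbot invoked us as a hook (variable unset when run by hand).
if [ -n "$RENEWED_LINEAGE" ]; then
  deploy_lineage "$RENEWED_LINEAGE" "$PEER_HOST" "$PEER_CERT_DIR" || exit 1
fi
```

The renewal itself still needs the HTTP challenge to reach the server running certbot, so that server has to be the one in DNS when the renewal is attempted (or the DNS challenge has to be used instead).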

I agree with @jvanasco's comments.

But, as to your specific question ...

Certbot is usually set up to run a renew check at least once a day. It will check all the certs described in its /etc/letsencrypt/renewal folder (also run: certbot certificates).

If a cert needs renewal the HTTP Challenge will occur again with a new challenge value. Usually this is when the cert is within 30 days of expiration. But, if the cert is revoked Certbot will renew right away. An upcoming feature called ARI may affect the exact renewal time.

So, when you asked if the URL is contacted anymore, the answer is yes: whenever the cert on that server needs renewal.

If a cert does not need renewal, no HTTP challenge occurs. Certbot looks at the expiration date in the cert file on that server, and it checks its revocation status using OCSP (and in the future maybe checks ARI too).

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.