I got myself to administration of a VPS server with certificates from Let’sEncrypt with renewing using certbot. I looked into /var/log/letsencrypt and there are 3 logs per day: one between 0:00 and 1:00 (probably random), second exactly at 3:48 and third between 12:00 and 13:00, all with the same output (same except of time/date).
Then I looked into crontab of root, but there is only
48 3 * * * cerbot renew --quiet
I also listed crontabs of all other users, but those are all empty.
Is there any known reason why it runs by itself additionaly twice a day or did the previous administrator use some other tool than cron in addition to cron? I would like to run it just once per day but I did not find a way to do so and stop those two additional runs.
EDIT: OS is Debian 8.7