I am using nginx and webroot plugin. I have a service which pre-fetches certs if the number of certs in the DB goes below a certain number. It uses randomly generated hostnames.
Now when this service invokes certbot, there could be a custom client(our own client where the cert needs to be installed) hitting this service requesting a cert for a particular hostname. Which means there could be a scenario where there are multiple invocations of certbot. I do provide certbot with unique values for --config-dir, --logs-dir and --work-dir parameters.
The one thing I am worried about is that since certbot creates ~/<path_to_webroot_dir>/.well-known/acme-challenge directory when requesting for a cert and deletes it once the cert is issued, there is a small window where there could be multiple files under acme-challenge directory(due to multiple certbot invocations) and a race condition is created where the first one to go through deletes the acme-challenge directory and leaves the others in limbo basically the domain ownership challenge fails.
Is there a way around this? Why does certbot delete the acme-challenge directory. It can just delete the challenge file I suppose.