We've never had any issues applying Let's Encrypt before, however with this domain name it appears that a certificate is being requested twice a day? And so impossible for us to apply LE as it's constantly being rate limited - does anyone know why this might be? Currently hosting with Siteground Cloud, with SG Tools - they dont seem very helpful on the subject...
A new certificate is only being requested once a day - but it is being requested (and usually issued) once a day.
In order to adhere to the "Certificate Transparency" requirements, every Certificate will first process a "pre-certificate" and submit that to the transparency logs; a reference to that will then be embedded in the certificate itself.
If you click on two results for your certificates on the same day, you'll see the earlier certificate is labeled as a "pre-certificate" and, moments later, the next certificate is labeled as a "certificate".
That being said, look to see if @rg305's guess appears in your renewal scripts, cron tabs, or job runners.
It would still work, but just not do anything special.
Absolutely possible, but it would require satisfying an HTTP-01 or DNS-01 challenge to have a certificate issued. Under those circumstances, the former is unlikely while the latter would require some type of credentials and process to create DNS TXT records from the old server. I suggest checking your certificate dates on the current server. If they are changing in step with those found on crt.sh | martinarnold.co.uk, the old server isn't the culprit.
How would I be able to tell? I’ve done a TXT lookup on _acme-challenge.martinarnold.co.uk and can’t see any records in place.
I think maybe tomorrow I’ll see if I can escalate this with the current host (SiteGround) to see if they can do some more digging. I’ve SSH’d onto the server and certbot commands don’t even work, and can’t see any scheduled tasks running, so I’m guessing they handle things differently.
Yes that’s one I purchased just to get https onto the site when LetsEncrypt was failing… but I really want LE on there so I don’t have the faff and cost of renewing it every year.
I’ve just noticed that their name servers are with CloudFlare… I’m betting that something has been set up on there to renew it everyday via DNS challenge… (or the old server is using the cloudflare API to generate these requests)