All the steps before and after are really quick.
I have the same delay for all certificates, in the same steps : beetween “Received response” and “Creating CSR”.
CPU usage stay low (2 cores, ). No wait on CPU.
Load stable at 1.00 (no other process on this host, it’s used only by letsencrypt, web trafic is managed by haproxy in front of that host).
Here is the log file before :
2020-03-03 11:34:02,825:DEBUG:certbot._internal.main:certbot version: 1.2.0
2020-03-03 11:34:02,826:DEBUG:certbot._internal.main:Arguments: ['-d', 'blbimmobilier.la-boite-immo.com', '-d', 'blbimmo.fr', '-d', 'www.blbimmo.fr', '--http-01-port', '63443', '--agree-tos', '-m', 'infra@la-boite-immo.com', '--account', 'd6b16a04dc38f74b04d3cc6881aa2720', '--standalone', '--non-interactive']
2020-03-03 11:34:02,826:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-03-03 11:34:02,902:DEBUG:certbot._internal.log:Root logging level set at 20
2020-03-03 11:34:02,903:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-03-03 11:34:03,127:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2020-03-03 11:34:03,144:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7f34f113cb90>
Prep: True
2020-03-03 11:34:03,145:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7f34f113cb90> and installer None
2020-03-03 11:34:03,145:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2020-03-03 11:34:03,175:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', only_return_existing=None, contact=(u'mailto:infra@la-boite-immo.com',), key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f34f2ce1290>)>), external_account_binding=None), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/20022078', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), d6b16a04dc38f74b04d3cc6881aa2720, Meta(creation_host=u'lb1.la-boite-immo.fr', creation_dt=datetime.datetime(2017, 8, 16, 12, 46, 32, tzinfo=<UTC>)))>
2020-03-03 11:34:03,178:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-03-03 11:34:03,182:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-03-03 11:34:03,764:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2020-03-03 11:34:03,766:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 03 Mar 2020 10:34:03 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"nDwpIHo7oYA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2020-03-03 11:42:29,040:INFO:certbot._internal.main:Obtaining a new certificate
2020-03-03 11:50:56,609:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/29069_key-certbot.pem
2020-03-03 11:59:03,677:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/29066_csr-certbot.pem