We have 300+ active certificates and all renewals are proceeding without trouble.
However, I recently visited crt.sh for our appello.care TLD to review it’s issued history and saw that practically all the renewals since the end of January 2020 are unlisted.
I considered this being due to batch uploading from LE to crt.sh, but checking again today shows little change.
Our slowly growing list of certificates currently stands at 344, each for individual sub-domains, and to evenly spread the renewals across the sixty day rolling cycle, certbot is scripted to attempt renewal of the oldest two certificates 4 times per day. The limit of two at-a-time will be increased to three when we reach 480 certificates (8 * 60).
- our TLD appello.care certificate (+wildcard) was last renewed - 2020-05-19T08:53:38Z
- the most recent sub renewal was 4100001.hq.appello.care today ~ 2020-06-12T02:52:00Z
(4100001 will return 404, but
openssl s_clientwill confirm)
It’s unclear whether this is an issue with LE or crt.sh - happy hunting.