Is there a penalty for running cron jobs to auto-renew?



I think the Internet is a safer place because of Let’s Encrypt. Thanks to all who contributed to it.

My self-hosted WordPress website at runs a cron script weekly to renew the cert. Output from that command when the cert is not renewed is like this:

Processing /etc/letsencrypt/renewal/

The following certs are not due for renewal yet:
/etc/letsencrypt/live/ (skipped)
No renewals were attempted.

My question is simple: is there any “penalty” for issuing weekly requests for renewal? Do Let’s Encrypt servers keep a count of renewal requests and deny after some number of premature requests? Are repeated renewal requests likely to trigger a blacklisting of the site doing the requesting?



No, the decision to renew or not is made on the client side.


What you’re seeing is not Let’s Encrypt’s servers telling you that there’s no need to renew yet. In fact the command you’re running is not touching Let’s Encrypt’s server at all at this point.

What certbot does prior to requesting a new certificate is check whether the existing certificates are close to their expiration date (where “close” is defined as “30 days before the expiration date” by default). If they’re still fine for at least 30 days, certbot won’t bother renewing the certificates at all (by default, which could be changed by using --force-renewal).

tl;dr: certbot renew is smart and will only renew when it makes sense to. You can run the job as often as you want, with the official recommendation being twice a day at a randomly-selected time.

The servers do in fact keep track of usage as well (more details here), but there’s no permanent blacklisting of any kind (just a temporary rate limiting error) unless you show abusive behaviour.
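
The client-side check described in the answers above, as an added example that is not part of the original posts and is not certbot's own code: a shell function that uses `openssl x509 -checkend` to decide from the certificate file alone, without contacting any server, whether it falls inside the 30-day window. The function names, the `make_sample_cert` helper and its self-signed sample certificates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not certbot's code): the same kind of local "is it due yet?"
# decision, made from the certificate file alone. No network traffic involved.

RENEW_WINDOW_DAYS=30   # default window stated in the answer above

# due_for_renewal CERT_PEM [DAYS]
# Returns 0 if the cert expires within DAYS (renew), 1 if not due (skip),
# 2 if the file is missing or is not a parseable certificate.
due_for_renewal() {
    pem=$1
    days=${2:-$RENEW_WINDOW_DAYS}
    [ -r "$pem" ] || return 2
    # Rule out parse errors first: -checkend also exits non-zero for those.
    openssl x509 -noout -in "$pem" >/dev/null 2>&1 || return 2
    # -checkend N exits 0 when the cert is still valid N seconds from now.
    if openssl x509 -noout -checkend "$((days * 86400))" -in "$pem" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# make_sample_cert OUT_PEM DAYS: constructed test input, a throwaway
# self-signed certificate valid for DAYS days (hypothetical helper).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$2" -subj "/CN=example.test" >/dev/null 2>&1
}

# When called with certificate paths as arguments, report each decision.
for cert in "$@"; do
    rc=0
    due_for_renewal "$cert" || rc=$?
    case $rc in
        0) echo "$cert: inside the ${RENEW_WINDOW_DAYS}-day window, renew" ;;
        1) echo "$cert: not due yet, skip" ;;
        *) echo "$cert: unreadable or not a certificate" >&2 ;;
    esac
done
```

Run from cron as often as you like; a "not due yet" result costs only a local file read, which is why frequent scheduling carries no server-side penalty.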


Excellent info.

Thanks, folks.

