I just installed Let's Encrypt certificates on two machines recently and apparently everything is working correctly.
The two machines (iMac, and MacMini) use High Sierra MacOS.
One of the machines (iMac) hosts just one site.
The other (Mac mini) hosts three sites.
Looking at the access_logs, there are differences I don't understand.
The iMac (one site only), appears to call regularly /api/passphrase and /api/license/timestamp/ which are noted with a code 404.
::1 is the IPv6 localhost address; it can only be reached by itself.
That said, I don't know what the problem can be.
You may need to add some more detail to your logs; In order to see the exact FQDN that is trying to be reached.
This is not related to Let's Encrypt at all, and is (as @rg305 mentioned) some software application running on your machine, but not one that has to do with your certificate.
I did some searches and found that some other people mainly on Windows asked on other forums about these same requests, but were never able to identify what was causing them. I'm afraid I don't know enough about macOS to suggest a command that could let you identify the process easily.
I guess you could try to make a CGI script that runs under the path /api/passphrase and that logs additional information from a command like ss -pt (on the basis that the program that created the local connection will still be running while it waits for the reply from the server).
Hi JuergenAuer,
These curious calls from one of my machines itself are not honoured as these directories do not exist; it is also shown by the 404 http code.
They appeared immediately after I installed HomeBrew to use Certbot on the machines to install Let's Encrypt certificats.
Now, HomeBrew installed on macOS High Sierra is not recommended anymore and not supported by HomeBrew or Apple.
Blockquote
==> You are using macOS 10.13.
==> We (and Apple) do not provide support for this old version.
This installation may not succeed.
After installation, you will encounter build failures with some formulae.
Thanks JuergenAuer for confirming Letsencrypt doesn't use these folders.
Many thanks also to rg305 and schoen for useful comments.
BTW, as of today, these calls have completely disappeared.
I will keep digging to try to understand where they came from.