I don’t believe we’re running multiple instances of letsencrypt at once, at least I have no evidence that that would be true.
However, we DO do this:
- Attempt to auth a SAN with 100 hostnames
- Notice that
letsencryptfailed, and the error tells us which hostname was the problem - Attempt again without that problem hostname, now with 99 hostnames
This is also very often when we see the request message was malformed message. Perhaps an auth process is still pending somewhere in the LE system when I fire up my sequential attempts after parsing out a failed hostname. I think I’ll implement some kind of pause/timeout between these attempts and see if that clears it up
Today we got it worse than usual