Hey guys, I’ll kick off here by saying that we have been using this tool for several years now and it has been a huge help for us!
We have ~17,000 domains and will periodically loop over subsets of them that are close to expiry running:
/etc/scripts/certbot-auto certonly -a webroot --webroot-path=/var/www/ --keep-until-expiring --no-self-upgrade --agree-tos --email firstname.lastname@example.org --force-renewal --non-interactive -d "test.com"
This has worked very well for us in the last few years. However, recently we have been finding that the renewal process is taking longer over time, to the point where renewing 20 certificates can take a couple of hours.
I dug up this old thread and it looked very similar to what we are currently fighting with: Performance issues when creating/renewing certificates
I also tried running the above command with the --duplicate option and did indeed find that the tool ran much more quickly. Furthermore it does appear that the tool will hang until it prints the result of the decision to generate or renew, and from there on, it will proceed relatively quickly.
However we are running certbot-auto 1.3.0 so I believe the fix which resolved the issue for this other user should be in place for us as well.
Note that I have also searched our letsencrypt.log files to ensure that there are no 429 response codes, so rate limiting is not the issue here.
Thanks very much for any insight that you can provide!
I’ll be happy to run commands / provide any relevant info.