Several certbot hits every day to only one site

One of the web sites on my server is receiving several hits per day, all triggered (I think) by the server's cron at 9:00 am. It's the only site hit out of about a dozen sites using letsencrypt certs on that server and has several domain names tied to its cert. It is the latest site added to the server; previously it was hosted on a Windows IIS server. This may have something to do with it?

I began to notice it in the site logs a couple of weeks ago, when there were two hits per day. It went up to 4 hits, then six, and yesterday it was eight; today it's back to two. Always goes in increments of two hits. I have whitelisted the bot, although there was a period of about a week when I inadvertently blocked some of its IPs.

Todays hits are coming from (in twos):
Amazon (18.196.)
Amazon (34.209.
Amazon (3.128.)
ViaWest (64.78.

My domain is:

I ran this command: (site logs)

It produced this output: /.well-known/acme-challenge/(id)

My web server is (include version): Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version): Mint 18.1

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0

Maybe. It's not uncommon to see unsuccessful validation attempts after a web hosting migration, until the old web hosting is decommissioned.

You can't really do anything about it. 8 hits a day is pretty insignificant in the grand scheme of things, considering the barrage of malicious requests you see from the rest of the internet.

Those IPs do appear to be the real Let's Encrypt ones.

1 Like

You could ask your previous host to disable their ACME client for the migrated site.

1 Like

Thank you both for your replies. No problem with the hits, just woried about repercussions from letsencrypt. I'll just ignore it. :slight_smile:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.