Verify error:During secondary validation: DNS problem: networking error looking up A

Hello,

Tonight the automatic certificate renewal failed with the below error.
Running it manually (at around 8:30 am) worked without any issues.

[Mon Mar  1 04:00:49 CET 2021] subdomain.browne.net:Verify error:During secondary validation: DNS problem: networking error looking up A for subdomain.browne.net
[Mon Mar  1 04:00:49 CET 2021] pid
[Mon Mar  1 04:00:49 CET 2021] No need to restore nginx, skip.
[Mon Mar  1 04:00:49 CET 2021] _clearupdns
[Mon Mar  1 04:00:49 CET 2021] dns_entries
[Mon Mar  1 04:00:49 CET 2021] skip dns.
[Mon Mar  1 04:00:49 CET 2021] _on_issue_err

Searching the forums, it seems that it may be caused by an overload of LE's secondary validation servers at peak times.
This would make sense since we used the default cron job times created by the LE plugin.
But I would like to make sure that there is no issue on our side.

Can someone confirm my assumption?

Yes, "DNS problem: networking error" means that it is an internal issue on Let's Encrypt's side.

Avoiding the start of the hour is a good way to avoid running into these issues.


Thank you!

Okay, then I will simply change it to a different time.
Is there any timeframe in which the load on the servers is pretty low?


The integration guide says:

If you offer client software that automatically configures a periodic batch job, please make sure to run at a randomized second during the day, rather than always running at a specific time. This ensures that Let’s Encrypt doesn’t receive arbitrary spikes of traffic at the top of the hour or minute. Since Let’s Encrypt needs to provision capacity to meet peak load, reducing traffic spikes can help keep our costs down.

For example, Certbot's cronjob runs every 12 hours but includes a perl -e 'sleep int(rand(43200))' prelude for a random sleep of up to 12 hours, which is an effective way to implement that advice.

Picking a static random second in the day (like 14:41:14) is still a lot better than top-of-the-hour though.

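The scheduling advice from the reply above, as an added example (not code from the thread or from any ACME client): a POSIX shell wrapper that either sleeps a random delay of up to 12 hours before renewing, or prints a crontab line for a fixed per-host second of the day. `RENEW_CMD`, the function names and the `--run` / `--print-cron` switches are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep certificate renewals away from the top of the hour.
# RENEW_CMD is a placeholder; substitute your ACME client's renewal command.
RENEW_CMD="${RENEW_CMD:-/path/to/renew-command}"

# Print a random integer in [0, $1). Reads 4 bytes from /dev/urandom because
# the shell's $RANDOM (where it exists) tops out at 32767, below 43200.
random_delay() {
    n=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
    echo $(( n % $1 ))
}

# Map a seed string (e.g. the hostname) to a fixed second of the day,
# 0..86399, so each machine gets its own stable, non-round run time.
static_second() {
    sum=$(printf '%s' "$1" | cksum | cut -d ' ' -f 1)
    echo $(( sum % 86400 ))
}

# Turn a second of the day into a crontab line. Cron only has minute
# resolution, so the leftover seconds become a leading sleep.
cron_line() {
    h=$(( $1 / 3600 )); m=$(( $1 % 3600 / 60 )); s=$(( $1 % 60 ))
    echo "$m $h * * * sleep $s && $RENEW_CMD"
}

# Nothing runs unless a switch is given.
case "${1:-}" in
    # Static random second: print a crontab line to install once.
    --print-cron) cron_line "$(static_second "$(hostname)")" ;;
    # Random prelude: call this from a fixed twice-daily cron entry.
    # $RENEW_CMD is left unquoted so it may carry arguments.
    --run)        sleep "$(random_delay 43200)" && exec $RENEW_CMD ;;
esac
```

With the placeholder command, `cron_line 52874` yields `41 14 * * * sleep 14 && /path/to/renew-command`, which is the 14:41:14 slot mentioned in the reply.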

Will do this in the future. Thank you.

