Not much happens. If you’re running “certbot renew” twice a day at random times, you won’t encounter the Failed Validations rate limit (5 per hour).
If you’re trying to renew hundreds of certificates, you may hit the New Orders rate limit. That would be a problem for you.
Well, yes. It might generate about a dozen HTTP requests per certificate per day to Let’s Encrypt’s systems. They’re not going to stop you if you’re only generating a normal amount of traffic, but it’s still good not to waste resources.
You can manually run “sudo certbot delete --cert-name example.com” to delete a certificate, but Certbot doesn’t have an automated, built-in way to manage this.
If you want to handle it manually, you could set up some kind of monitoring for Certbot, watch for failed renewals, and take action after a few weeks. Or you could run “sudo certbot certificates” every few weeks and look over the output.
As your service grows, you might want to switch to another ACME client, though I’m not sure which one to recommend. Or build your own. I’m not saying Certbot is a bad client, but it’s not designed for large-scale, automated lifecycle management, and you’ll have to build your own scaffolding around it.
By the way, have you read the integration guide?
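
An added example, not part of the original post or of Certbot itself: one way to automate the periodic `certbot certificates` review described above, flagging certificates that are invalid or close to expiry so they can be investigated or removed with `certbot delete`. The function names, the 20-day threshold and the sample output are assumptions constructed for illustration.

```python
import re
import sys

# Constructed sample of `certbot certificates` output (not real data).
SAMPLE_OUTPUT = """\
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 12:00:00+00:00 (VALID: 62 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: old-customer.example
    Domains: old-customer.example
    Expiry Date: 2030-01-08 09:30:00+00:00 (VALID: 9 days)
  Certificate Name: gone.example
    Domains: gone.example
    Expiry Date: 2029-11-02 09:30:00+00:00 (INVALID: EXPIRED)
"""

NAME_RE = re.compile(r"^\s*Certificate Name:\s*(\S+)\s*$")
EXPIRY_RE = re.compile(r"^\s*Expiry Date:.*\((VALID|INVALID):\s*([^)]*)\)\s*$")

def parse_certificates(text):
    """Return [(name, status, days_left)]; days_left is None when not given in days."""
    certs, name = [], None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            name = m.group(1)
            continue
        m = EXPIRY_RE.match(line)
        if m and name is not None:
            status, detail = m.groups()
            days = re.match(r"(\d+) day", detail)
            certs.append((name, status, int(days.group(1)) if days else None))
            name = None  # wait for the next "Certificate Name" line
    return certs

def needs_attention(text, min_days=20):
    """Names of certificates that are invalid or have fewer than min_days left."""
    # min_days is an assumed threshold; set it below your renewal window.
    return [name for name, status, days in parse_certificates(text)
            if status != "VALID" or days is None or days < min_days]

if __name__ == "__main__":
    # Reads piped `sudo certbot certificates` output; falls back to the sample.
    text = SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for name in needs_attention(text):
        print(f"check renewal or delete: {name}")
```
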