Every time Virtualmin renews a certificate it generates a duplicate of the certificate. It duplicates in:
/etc/letsencrypt/live
/etc/letsencrypt/archive
/etc/letsencrypt/renewal
This seems to work for a while but eventually the renew fails with an error that there are too many certificates for the domain.
If I delete all the duplicated certs ending in sequential -001, -002, etc. and try to manually renew it, then it works and the cert renews, although it still creates a new duplicate.
What is going on here? Is it supposed to be making all these duplicates? I am fairly sure this is not how letsencrypt is supposed to work. The existing cert is meant to be renewed and the old one moved to archive. I have had this issue on another server where I had to disable Virtualmin letsencrypt renewal because it locked us out for too many requests; I imagine this may be related to that also.
Can someone confirm what the intended behaviour here is please?
Can anyone from Virtualmin respond?
I don't get the /etc/letsencrypt/* directories on any of my Virtualmin servers. I -do- get them on a server that doesn't have Virtualmin, but I run LE's certbot on. Are you trying to run both on the one server? You don't need certbot on a Virtualmin server.
I'm seeing the same issue with successive renewals by Virtualmin creating a new sequence number certificate.
Despite this, Let's Encrypt's cron job is also renewing all the certificates. In some cases I had 20 valid certificates for a single domain. This seems like a waste of resources, especially those of LE's servers, renewing multiple certificates which are never going to be used.
Could Virtualmin be re-written slightly to simply rely upon LE's cron job to update the certificates? Instead, Virtualmin could monitor the file date differences between the certs located in /etc/letsencrypt/archive/{domain}/ and those copied in the /home/{domain}/ directory, copying them over and reloading services like Apache, etc. if a new file date is detected?
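
An audit for the duplicated lineages described in this thread, added here as an example; it is not part of any post above and not Virtualmin or certbot code. It assumes the `renewal/`, `live/` and `archive/` layout named in the first post and that duplicates carry a numeric suffix; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a certbot config tree for duplicated lineages.
# One lineage = one renewal/<name>.conf. Duplicates are assumed to carry a
# numeric suffix (<name>-001 as in the thread, <name>-0001 in certbot).

# Print "<base> <count>" for every base name with more than one lineage.
duplicate_lineages() (
    root="${1:-/etc/letsencrypt}"
    for conf in "$root"/renewal/*.conf; do
        [ -e "$conf" ] || continue               # no lineages at all
        name="$(basename "$conf" .conf)"
        # Strip a trailing -<digits> suffix to recover the base name.
        printf '%s\n' "$name" | sed 's/-[0-9][0-9]*$//'
    done | sort | uniq -c | awk '$1 > 1 { print $2, $1 }'
)

# Print lineages whose live/ or archive/ directory is missing, i.e. renewal
# configs left behind after duplicates were deleted by hand.
orphaned_lineages() (
    root="${1:-/etc/letsencrypt}"
    for conf in "$root"/renewal/*.conf; do
        [ -e "$conf" ] || continue
        name="$(basename "$conf" .conf)"
        if [ ! -d "$root/live/$name" ] || [ ! -d "$root/archive/$name" ]; then
            printf '%s\n' "$name"
        fi
    done
)

# Constructed sample tree so the audit can be tried without touching /etc.
make_sample_tree() (
    root="$(mktemp -d)"
    for n in example.com example.com-0001 example.com-0002 other.test; do
        mkdir -p "$root/renewal" "$root/live/$n" "$root/archive/$n"
        : > "$root/renewal/$n.conf"
    done
    rm -r "$root/live/example.com-0002"          # half-deleted duplicate
    printf '%s\n' "$root"
)

# Demo on the constructed tree; pass /etc/letsencrypt for a real host.
tree="$(make_sample_tree)"
echo "duplicated lineages (base, count):"; duplicate_lineages "$tree"
echo "lineages missing live/ or archive/:"; orphaned_lineages "$tree"
rm -rf "$tree"
```

Every lineage listed still has its own renewal config, so each one is renewed separately and counts toward the certificate authority's per-domain limits.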