It seems we need to change how our ansible play generates LetsEncrypt certs. I'll create an issue for it too
-------- Forwarded Message -------- Subject: ACME v2 client polling /acme/issuer-cert endpoint Date: Fri, 11 Dec 2020 16:34:02 -0800 From: Aaron Gable <aa...@letsencrypt.org> To: paddatrap...@debian.org Hi, As part of our due diligence prior to shutting down the ACME v2 API's /acme/issuer-cert endpoint, we detected that an ACME v2 client with useragent `ansible-httpget` and associated with contact address `paddatrap...@debian.org <mailto:paddatrap...@debian.org>` appears to poll the endpoint in between issuances. For example, we saw the client complete an issuance for `jitsi-sandbox.video.fosdem.org <http://jitsi-sandbox.video.fosdem.org>` on 2020-12-07 at 07:38 UTC, then poll the issuer-cert endpoint 13 times over the next ~36 hours, then begin another issuance for `vogol-sandbox.video.fosdem.org <http://vogol-sandbox.video.fosdem.org>` on 2020-12-08 at 20:37 UTC. Yours appears to be the only client exhibiting this behavior, so we assume you have something custom running. *Please update your client to not query the /acme/issuer-cert endpoint before we remove it on Thursday, Jan 7, 2021.* More information can be found here: https://community.letsencrypt.org/t/acme-v2-removing-acme-issuer-cert-endpoint/140382 <https://community.letsencrypt.org/t/acme-v2-removing-acme-issuer-cert-endpoint/140382> Thank you, Aaron, on behalf of Let's Encrypt