Staying within letsencypt rate limits

[dziamid]

I want to spawn a discussion for potential improvements to this image regarding letencrypt protocol.

To quote this: https://letsencrypt.org/docs/rate-limits/

We also have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for [www.example.com, example.com] during the week. If you changed the set of names by adding [blog.example.com], you would be able to request additional certificates.

In current implement there's a daily call to create a certificate, so we have 7 call per week. Doesn't it violate Duplicate Certificate limit ?

Also what is the reason to renew ceritificates daily? According to https://certbot.eff.org/docs/using.html#renewing-certificates:

Let’s Encrypt CA issues short-lived certificates (90 days). Make sure you renew the certificates at least once in 3 months.

[adimitrov]

Thats not how it works. certbot runs every day, but it does not renew the certificate until its due.

Note:
if you're setting up a cron or systemd job, we recommend running it twice per day (it won't do anything until your certificates are due for renewal or revoked, but running it regularly would give your site a chance of staying online in case a Let's Encrypt-initiated revocation happened for some reason). Please select a random minute within the hour for your renewal tasks.

Source: https://certbot.eff.org/all-instructions/ - Automating renewal