1. I would like to know whether ISPConfig will keep using certbot (so far still the official LE client) for another 3-5 years time or will drop it anytime sooner, since acme.sh is now ISPConfig official LE client? 2. If former, would it be appropriate to propose ISPConfig to add a monitor script using certbot renew dry-run command to show whether there is faulty domain that may cause renewal failure? I think this will benefit admin in monitoring his ISPConfig server. I noted that acme.sh has no equivalent to dry-run though it has test feature which is deployable rather than simply checking like dry-run.
Is there any advantage to dry-run vs actually trying the renew and printing the error when it falls? (Doesn't hit request limits or something?)
Yes and as mentioned, so admin may fix errors for domains in his ISPConfig server logged by certbot renew dry-run. Or are you suggesting to simply take from the certbot renew command logs that run every night? In that case, I guess, whichever is better.
I don't think we will remove support for it, but we will encourage users to use acme.sh. It would be nice if we could install both in the future and when a domain is ready for renewal, the client is switched from certbot to acme.sh (this can't happen all at once due to the rate limits). If such a function exists for a longer period of time, we might remove support for it (or at least we will not actively support it). We could do that, and detect warnings automatically.