one of my servers is getting lots of ssl errors so i checked out the logs it seems to me that each night it runs the lets encrypt cron at 3am and attempts to update ssls. the issue is, I have a few hundred 'dead' sites in ispconfig which have DNS pointed elsewhere, and are turned off. however, ispconfig is attempting to renew ssl on these each night, these all fail, and then I get blocked from lets encrypt for rate limits. i have this same setup across a few servers and it doesnt happen on the others, this seems like a bug where its trying to update ssl for sites that are inactive, when i assume it shouldnt? my plan is to remove all the 'dead' sites from ispconfig and this should fix it?
After removing the site from ISPConfig, check if the certificate configuration files were also removed. If not, you need to remove them using the LE client command(s). Then follow the logs to see the renews really stopped.
This I think is a known issue, so manually removing the LE certs, as @Taleman said, is a way to do it.
There is a feature request to be able to automatically remove these old certificates when a site/domain is deleted, I don't think anyone has reported hitting rate limits from these before, but maybe this should be changed to "bug" status.
