New internal directadmin.conf option, disabled by default: letsencrypt_disable_renew_after_renew_failure=0 where you can change it to 1: letsencrypt_disable_renew_after_renew_failure=1 which will mean that, after the 5 failed renewal attempts, specified by: letsencrypt_renewal_failure_notice_after_attempt=5 when enabled, the LE data files will be removed, and no further renewal attempts will be made. ==================== REQUIREMENTS This *only* works if letsencrypt_renewal_failure_notice_after_attempt is a value greater than 0, and of course, if you have this in the directadmin.conf: letsencrypt_disable_renew_after_renew_failure=1 ==================== OUTPUT When a renewal failure notice is sent to the User (or whoever is setup to get it), DA will append the following string to the end of the failure message: "There have been %d renew failures, thus no more attempts will be made." where %d is replaced with 5 (from letsencrypt_renewal_failure_notice_after_attempt). ==================== GLOBAL/PER-DOMAIN CERTIFICATES This DOES also apply to the hostname certificate. If it's renewal fails, DA will remove the hostname LE setup info specified in /usr/local/diretadmin/conf/* ==================== INTENDED USE This functionality was added to aid with Admins which have many Users/Domains, and where a User might move a domain to a some other server, and the renewals previously needed to be disabled with the "Disable Auto-Renew" button. This will automate removal of LE setup, so an expired and renew-failed cert (after 5 attempts), will no longer renew again. ==================== MESSAGE Although it's mentioned that the disabling of the auto-renew happens at the same time the renew failure happened, if you've got your LE setup such that it does not message anyone, this feature will still have an effect, and will still disable the auto-renew, even without the message being delivered.