community.crypto.acme_certificate does use the existing certificate file to check for the validity in order to decide whether a certificate needs renewal.
As this file isn't kept if running the playbook on a non persistent environment such as a containerized ci runner this leads to a certificate renewal on each playbook execution which might hit the limit of 5 certs per seven days as configured on letsencrypt depending on the configured schedule.
By downloading the certificate from the webserver beforehand to the certificate file this check should work as expected again
community.crypto.acme_certificate does use the existing certificate file to check for the validity in order to decide whether a certificate needs renewal.
As this file isn't kept if running the playbook on a non persistent environment such as a containerized ci runner this leads to a certificate renewal on each playbook execution which might hit the limit of 5 certs per seven days as configured on letsencrypt depending on the configured schedule.
By downloading the certificate from the webserver beforehand to the certificate file this check should work as expected again