The immediate thought that comes to mind is: if you are completely new to SSL etc., why are you developing your own ACME client? There are many good ones out there; see "ACME Client Implementations - Let's Encrypt".
In terms of developing your own though, you at least want to read the ACME spec - draft-ietf-acme-acme-03
Yes, that's perfectly secure. You can download certificates for virtually all sites (Google, CNN, etc.); there is no risk, as you need your private domain key with it to use it on your domain.
You should download the certificate, save it in a file (in the correct format), and use it from there.
Yes. The only difference is you will get a warning in your browser that it isn't "trusted".
I'm not sure what specific information you are after here. You should renew the certificate, using your client, in exactly the same way as you will want it to work with the live system.
Thanks for the quick reply.
I've got it now: the certificate only contains the public key, so there is no security problem.
However, will the certificate link exist as long as the certificate is valid, 90 days?
There isn't much info about renewal. Should it just skip new-reg, but go through new-auth, challenges, new-cert again?
What about the gap when I have got the new certificate but have not yet updated the web server? Will the old one still be valid until its expiry date?
I am developing my own ACME client for both learning and better integrity. Based on the excellent work of https://gethttpsforfree.com/, it isn't a big job.
No, hence why I said you needed to copy the cert and save it as a file. Equally your server can't use the cert from there, you need to save and convert it into the correct format.
Basically, yes.
The certificate is valid for 90 days, so if you obtain a new cert after 60 days, then both will still be valid, and you can simply change the config to use the new cert.
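The handover discussed in this thread (save the downloaded certificate, convert it to the format the server needs, and switch over while the old certificate is still valid), as an added example that is not part of the original posts. It assumes the certificate was downloaded in DER form and that the server reads PEM; the file names, the 30-day renewal window and the self-signed `example.test` certificates are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; file names, the 30-day window and example.test are assumptions.
set -eu

# Convert the DER certificate downloaded from the CA to PEM for the web server.
der_to_pem() { openssl x509 -inform DER -in "$1" -outform PEM -out "$2"; }

# True when the certificate expires within $2 days, i.e. it is time to renew.
renewal_due() {
  ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# True when the certificate carries the public half of the given private key.
cert_matches_key() {
  [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

# Swap the live certificate only after the new one checks out. The rename is
# atomic, so the server never sees a half-written file; until then the old
# certificate keeps serving and is still valid.
install_cert() {  # install_cert new.pem key.pem live.pem
  cert_matches_key "$1" "$2" || { echo "cert/key mismatch" >&2; return 1; }
  cp "$1" "$3.new" && mv "$3.new" "$3"
}

# Constructed sample data: self-signed certs stand in for CA-issued ones.
sample_cert() {  # sample_cert key.pem days out.der
  openssl req -x509 -new -key "$1" -days "$2" -subj "/CN=example.test" \
    -outform DER -out "$3" 2>/dev/null
}

work=$(mktemp -d)
openssl genrsa -out "$work/domain.key" 2048 2>/dev/null
openssl genrsa -out "$work/other.key" 2048 2>/dev/null
sample_cert "$work/domain.key" 20 "$work/old.der"   # 20 days left
sample_cert "$work/domain.key" 90 "$work/new.der"   # fresh 90-day cert
der_to_pem "$work/old.der" "$work/live.pem"
der_to_pem "$work/new.der" "$work/new.pem"

if renewal_due "$work/live.pem" 30; then
  install_cert "$work/new.pem" "$work/domain.key" "$work/live.pem"
fi
```

After the swap the web server still has to reload its configuration to pick up the new file.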