Is there a reason I must make DNS changes every three months? Can Let's Encrypt be configured to use the initial DNS TXT setting? It was very confusing today when the main domain SSL automatically renewed, but all of the child-sites started showing security errors because the wildcards weren't renewed.
Thank you for the brilliant service that is Let's Encrypt!
All challenge tokens are valid for that challenge only. And for every new authorization, you need new challenges and thus new tokens. Let's Encrypt is mandated to check the ownership of the hostnames for every (regular) renewal.