Can't do HTTP-01 challenge after DNS-01 challenge

I am having problems requesting a new certificate with the HTTP-01 Challenge if I previously requested it with the DNS-01 Challenge.

When I request a new authorization, only the DNS-01 challenge is available:
{
  "identifier": {
    "type": "dns",
    "value": "XXXX.com"
  },
  "status": "valid",
  "expires": "2020-04-17T14:05:39Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "valid",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/chall-v3/3429482578/XXXXXXX",
      "token": "jR1CMFFfFKnBY6mScRtrTUj7_-XXXXX-5TnpDBYYk",
      "validationRecord": [
        {
          "hostname": "XXXXXX.com"
        }
      ]
    }
  ],
  "combinations": [
    [
      0
    ]
  ]
}

Can I force HTTP-01 challenge?

Yes, but the output you posted tells me it's using the valid dns-01 authorization to issue the new certificate. Authorizations are valid ~30 days.

You can deauthorize (not from certbot?), but I think it's best if you just run certbot renew --dry-run --preferred-challenges http to check if it works, then edit the renewal config file, then run certbot renew --dry-run to check if all is good.

The main problem is that I need to request both certificates (DNS and HTTP) at the same time. We are deploying a new client that uses the DNS-Challenge, but we have deployed an old client with HTTP-Challenges. They must live together for a couple of months in production.
How can I force the use of the http-challenge for the second certificate?
When the client calls new-authz, the old auth is returned.

Authorizations are linked to ACME accounts.

You need to use different account keys on the old clients. Or you don’t, you just use the authorization that’s there and you get your certificate.

ok, I need to request authorizations from different accounts. Thanks!
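
The behaviour described in the replies, as an added example (not code from this thread or from any ACME client): a client-side check that tells a reused, already-valid authorization apart from one that still offers a pending challenge of the wanted type. The function name, the two sample objects and example.com are assumptions constructed for illustration; the field names follow the authorization object posted above.

```python
from datetime import datetime, timezone

def plan_for_authz(authz, wanted_type, now):
    """Decide what a client should do with an ACME authorization object.

    Returns ("reuse", None) when the account already holds a valid, unexpired
    authorization (no challenge of any type will be run), ("respond", challenge)
    when a pending challenge of wanted_type is offered, and
    ("unavailable", offered_types) otherwise.
    """
    expires = datetime.strptime(authz["expires"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    if authz["status"] == "valid" and now < expires:
        return ("reuse", None)
    pending = [c for c in authz.get("challenges", []) if c["status"] == "pending"]
    for challenge in pending:
        if challenge["type"] == wanted_type:
            return ("respond", challenge)
    return ("unavailable", sorted(c["type"] for c in pending))

# Constructed sample: same account validated the name earlier via dns-01.
REUSED_AUTHZ = {
    "identifier": {"type": "dns", "value": "example.com"},
    "status": "valid",
    "expires": "2020-04-17T14:05:39Z",
    "challenges": [{"type": "dns-01", "status": "valid"}],
}

# Constructed sample: a different account key, so no prior authorization exists.
FRESH_AUTHZ = {
    "identifier": {"type": "dns", "value": "example.com"},
    "status": "pending",
    "expires": "2020-03-25T14:05:39Z",
    "challenges": [
        {"type": "http-01", "status": "pending"},
        {"type": "dns-01", "status": "pending"},
    ],
}

if __name__ == "__main__":
    now = datetime(2020, 3, 18, tzinfo=timezone.utc)
    for name, authz in (("reused", REUSED_AUTHZ), ("fresh", FRESH_AUTHZ)):
        print(name, plan_for_authz(authz, "http-01", now)[0])
```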
