Maybe I have to ask one by one. I’ve been trying to renew one certificate, for the 5 whole days or so, applying many many different configurations of web server (http) (and firewall, name server, local configurations, etc.).
the question was: when renewing, what permissions is the web server required to be given? But I just read a recent post where I see that even a web server is not required when renewing and that’s confusing to me. It is “http-01” challenge type and so I use the same method, local web server, but whatever configuration I apply, I gets “authorizations for these names not found or expired, status: 403”
(I placed a html file every directory/path down to the acme-challenge directory and made sure all accessible.)
So this question (as well) seems getting back to how the renew differ exactly from the first creation.
I’m also confusing: expiration date for the renew itself. Is it the same as the certificate itself expiration date, or 30 (or 60) days before the certificate expiration? The certificate, I’m trying to renew, itself expires in 5 days.