My operating system is (include version): Debian 8.5
My web server is (include version): Apache 2.4
I can login to a root shell on my machine: yes
I’m using a control panel to manage my site: no
This is a clone of my question at serverfault. I recently switched from the dns challenge type back to http. Now the certs which were initially obtained through the dns challenge can no longer be renewed using http - the old ones (obtained through http) work fine.
Complete JSON-Objects got posted at the serverfault question.
I read that starting with tls-sni I cannot switch to http nor dns, but why can’t I use http again after issuing with dns? I hope someone can explain this to me and (ideally) solve this problem together with me.
Once a domain has been validated, that authorisation is remembered for a period of time (90 days currently, I believe), so requesting via a different type of challenge (http in your case) will result in always getting a “pending” unless the script takes notice of the “status”:“valid”. I’d suggest opening this as an issue on the dehydrated site. It should recognise the valid status, and simply obtain a new certificate.
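The status check described in the reply above, as an added example that is not part of the thread and is not dehydrated's own code. The authorization objects are constructed samples in the general shape of an ACME authorization, and the function and action names (`next_step`, `request_certificate`, and so on) are hypothetical.

```python
import json

# Constructed sample: an authorization the CA still remembers from an earlier
# dns-01 validation. Tokens and dates are placeholders.
REUSED_AUTHZ = json.loads("""
{
  "identifier": {"type": "dns", "value": "example.org"},
  "status": "valid",
  "expires": "2016-10-01T00:00:00Z",
  "challenges": [
    {"type": "dns-01",  "status": "valid",   "token": "constructed-token-a"},
    {"type": "http-01", "status": "pending", "token": "constructed-token-b"}
  ]
}
""")

# Constructed sample: a fresh authorization for a name with no prior validation.
FRESH_AUTHZ = json.loads("""
{
  "identifier": {"type": "dns", "value": "new.example.org"},
  "status": "pending",
  "challenges": [
    {"type": "dns-01",  "status": "pending", "token": "constructed-token-c"},
    {"type": "http-01", "status": "pending", "token": "constructed-token-d"}
  ]
}
""")


def next_step(authz, wanted_type):
    """Decide what a client should do with an authorization object.

    Returns (action, challenge). The authorization-level status is checked
    before any individual challenge is looked at.
    """
    # Assumption: a missing status is treated as "pending".
    status = authz.get("status", "pending")

    if status == "valid":
        # Already authorized, by whatever challenge type was used earlier:
        # skip validation and go straight to requesting the certificate.
        return ("request_certificate", None)

    if status != "pending":
        # invalid, deactivated, expired, revoked: needs a new authorization.
        return ("abort", None)

    for challenge in authz.get("challenges", []):
        if (challenge.get("type") == wanted_type
                and challenge.get("status", "pending") == "pending"):
            return ("respond_to_challenge", challenge)

    # The CA did not offer the challenge type the client is configured for.
    return ("abort", None)
```

A client that skips the first check and goes straight to the http-01 entry of `REUSED_AUTHZ` only ever sees that challenge's own "pending" status, which matches the renewal behaviour reported in the question.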
As a workaround, moving to a new ACME account should allow you to get rid of your existing authorizations so that you can test the http-01 validation. I believe these steps should work (not too familiar with that client, but this should force the client to create a new account).
You could also ask for Dehydrated to support deactivating a valid authorization. If the existing authorization is invalidated a new request to authorize the domain by http-01 would be fully processed.
@dennisschuerholz glad you got things sorted out! Would you be so kind as to update the Stack Overflow question to have an answer and a pointer back to this thread? I’d hate for any wayward souls that find the Stack Overflow version first to be left hanging.