This is using the pfSense ACME plugin. All on the latest version.
I tried searching but can’t find any answer. I also posted on the pfSense forum, but there seem to be no answers/comments yet.
The initial configuration was done when port 80 was blocked. I managed to get it working with ‘tls-alpn-01’.
Yesterday port 80 was opened. I updated the config to use ‘Standalone HTTP Server’ and added the rule to allow port 80.
However I got the error message “Error, can not get domain token entry …”
“The supported validation types are: tls-alpn-01 , but you specified: http-01”.
Still new to this. Is there anything I can do to switch to the new validation method? Assuming waiting for the expiration of the cert is not an option.
From Let's Encrypt's perspective, a certificate expiring has no relationship with or effect on anything like that.
Well, the client can choose to remember it.
Let's Encrypt normally caches authorizations for 30 days. If a client validates a name, and tries to validate it again within that time period, Let's Encrypt will return the prior authorization, which includes which validation method was used. What, if anything, a client might do with that information is up to it.
Some clients have had bugs where they react badly when the user says "I want to use validation method X" and Let's Encrypt says "here, you already have an authorization which used method Y".
"What validation method to use next time" is just some information in your local client's software or configuration files.
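The reuse case discussed in this thread, as an added example that is not part of the original posts and is not code from the pfSense plugin or any real client: a client that checks the authorization status before looking for its configured challenge type, next to a naive lookup that fails the way the quoted error does. The authorization objects are constructed samples in the RFC 8555 shape, and the function names, hostname and URLs are assumptions.

```python
# Added example: authorization objects below are constructed samples in the
# RFC 8555 (section 7.1.4) shape; names and URLs are placeholders.
REUSED_AUTHZ = {  # cached authorization: already valid via tls-alpn-01
    "status": "valid",
    "identifier": {"type": "dns", "value": "fw.example.org"},
    "challenges": [
        {"type": "tls-alpn-01", "status": "valid", "url": "https://acme.invalid/chall/1"},
    ],
}
FRESH_AUTHZ = {  # new authorization: nothing validated yet
    "status": "pending",
    "identifier": {"type": "dns", "value": "fw.example.org"},
    "challenges": [
        {"type": "http-01", "status": "pending", "url": "https://acme.invalid/chall/2"},
        {"type": "dns-01", "status": "pending", "url": "https://acme.invalid/chall/3"},
        {"type": "tls-alpn-01", "status": "pending", "url": "https://acme.invalid/chall/4"},
    ],
}


class ChallengeUnavailable(Exception):
    pass


def pick_challenge_naive(authz, wanted):
    """Ignores authz status: fails on a reused authorization (hypothetical client logic)."""
    offered = [c["type"] for c in authz["challenges"]]
    for chall in authz["challenges"]:
        if chall["type"] == wanted:
            return chall
    raise ChallengeUnavailable(
        f"supported validation types are: {', '.join(offered)}, but you specified: {wanted}")


def plan_validation(authz, wanted):
    """Return ("skip", used_type) for a valid authz, else ("respond", challenge)."""
    if authz["status"] == "valid":
        # Name already proven; the configured method only matters for the next fresh authz.
        used = [c["type"] for c in authz["challenges"] if c.get("status") == "valid"]
        return ("skip", used[0] if used else None)
    if authz["status"] != "pending":
        raise ChallengeUnavailable(f"authorization is {authz['status']}; request a new order")
    return ("respond", pick_challenge_naive(authz, wanted))


if __name__ == "__main__":
    print(plan_validation(REUSED_AUTHZ, "http-01"))
    print(plan_validation(FRESH_AUTHZ, "http-01")[1]["type"])
```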