Hi Jacob, thanks for clarifying! Regarding my first question, does this mean that DNS verification is a one-time deal? As in, either it works the first time you say you’re ready or you have to issue a new request (and therefore get a different token which means I have to change the record)? This seems problematic – what if I change my DNS and it’s correct but the DNS hasn’t propagated to where Let’s Encrypt picks it up? What if I made a small typo and just want to correct it?
Regarding the value of the TXT record, so that I’m clear, the current way to do this is basically:
base64(sha256(token + "." + fingerprint))
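Added example (not part of the original post, and not Let's Encrypt's code): computing the TXT value as RFC 8555 defines it for dns-01, where the "fingerprint" is the base64url RFC 7638 JWK thumbprint of the account key and the base64 is the unpadded URL-safe variant. The token and key are constructed sample values and the function names are hypothetical; `record_matches` is a local check for catching a typo in the published record.

```python
import base64
import hashlib
import hmac
import json

# Members RFC 7638 requires in the thumbprint input, per key type.
REQUIRED_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

# Constructed sample values, not a real account key or a real challenge token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "kid": "constructed-example",
              "x": "c2FtcGxlLXgtY29vcmRpbmF0ZS1ub3QtYS1yZWFsLWtleQ",
              "y": "c2FtcGxlLXktY29vcmRpbmF0ZS1ub3QtYS1yZWFsLWtleQ"}
SAMPLE_TOKEN = "constructed-token-0123456789abcdefABCDEF_-"


def b64url(data: bytes) -> str:
    """URL-safe base64 with the '=' padding stripped, as ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, keys sorted, no whitespace."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported key type: {kty!r}")
    # Optional members (kid, use, alg, ...) must not influence the thumbprint.
    members = {name: jwk[name] for name in REQUIRED_MEMBERS[kty]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """TXT value = base64url(sha256(token + "." + thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def record_matches(published: str, token: str, account_jwk: dict) -> bool:
    """Compare a published TXT string (quotes and whitespace tolerated) to the expected value."""
    candidate = published.strip().strip('"')
    expected = dns01_txt_value(token, account_jwk)
    return hmac.compare_digest(candidate.encode(), expected.encode())


if __name__ == "__main__":
    print("_acme-challenge TXT value:", dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK))
```
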