The pattern for doing this seems to be:
- Run the “issue” command. Letsencrypt then responds with a challenge.
- I add the verification strings to my dns
- I run the “renew” command. Letsencrypt will then sign my certificate.
Ive tried this, and it works great. However, I do have some questions:
- Will I need a new challenge for each renewal of the certificate?
- If not, for how long is a domain verified? Eg, for how long can I keep renewing the certificate without having to re-verify?