I have a question about the certificate renewal policy of Let's Encrypt. I'm implementing an automated process to renew certificates on a web server, and I'm wondering if the following is possible:
Create an ACME account
Create an ACME order with the account
Get the DNS challenge and set it in DNS
Set the generated certificate on the web server
Renew the certificate, using the same ACME account and challenge (?)
According to some information on the internet, I found that ACME accounts are somewhat disposable, and you are advised to create a new account/challenge every time you need a new certificate.
Would it be possible to use the earlier account again, possibly with the same challenge, and just renew the certificate?
I would disagree with this logic.
Accounts take up database space and CPU time to create and maintain.
LE is a free CA - but that doesn't mean that we should purposely abuse those free resources.
Yes, they are not automatically deleted.
No, each renewal (via DNS-01 authentication) will require a new (DNS TXT record) challenge and response.
I'm very curious what that "some information" would be. It sounds like an utterly incorrect and unreliable source! Perhaps you would even call it "incompetent".
Or perhaps you've misunderstood the source? As you're writing "account/challenge" as if it's the same? Which it is not. It's true that for every (regular) renewal a new challenge is required, but that is very distinct from a (new) account!
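The distinction the replies above draw between the account and the challenge can be seen directly in how a DNS-01 response is computed (RFC 8555 §8.1 and §8.4, RFC 7638 for the key thumbprint). The TXT value is base64url(SHA-256(token + "." + thumbprint(account key))): the thumbprint comes from the account key, which stays the same when the account is reused, while the token is issued by the CA for each new challenge, so every renewal produces a different TXT record. The following is an added example, not code from the original thread or from Let's Encrypt; the account JWK coordinates, the tokens and the in-memory "DNS zone" are constructed placeholders, not a real key or real challenge data.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE and ACME require (RFC 4648 section 5)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: only the required public members, lexicographic order,
    no whitespace, then SHA-256 and base64url."""
    required = {
        "RSA": ("e", "kty", "n"),
        "EC": ("crv", "kty", "x", "y"),
    }[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: the challenge token joined with the account key thumbprint."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.4: value of the TXT record at _acme-challenge.<name>."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return b64url(digest)


def publish_txt(zone: dict, domain: str, value: str) -> None:
    """Stand-in for the DNS API call the automation would make; `zone` is an in-memory dict."""
    zone.setdefault(f"_acme-challenge.{domain}", set()).add(value)


def validate_dns01(zone: dict, domain: str, token: str, account_jwk: dict) -> bool:
    """What the CA does during validation: look up the TXT records and check that one
    of them equals the expected value for this token and this account key."""
    expected = dns01_txt_value(token, account_jwk)
    return expected in zone.get(f"_acme-challenge.{domain}", set())


def compare_renewals(account_jwk: dict, token_first: str, token_renewal: str) -> dict:
    """Reusing the account keeps the thumbprint fixed; a new token still changes the TXT value."""
    return {
        "same_account_thumbprint": jwk_thumbprint(account_jwk) == jwk_thumbprint(account_jwk),
        "same_txt_value": dns01_txt_value(token_first, account_jwk)
        == dns01_txt_value(token_renewal, account_jwk),
    }


# Constructed account key (P-256 JWK with placeholder coordinates, NOT a valid or real key).
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(bytes(range(32))),
    "y": b64url(bytes(range(32, 64))),
    "use": "sig",  # optional member: RFC 7638 excludes it from the thumbprint
}

# Constructed tokens standing in for what the CA would issue for two separate orders.
ORDER_1_TOKEN = "constructed-token-for-the-first-order-0000000001"
ORDER_2_TOKEN = "constructed-token-for-the-renewal-order-000002"
DOMAIN = "example.com"

if __name__ == "__main__":
    zone = {}
    # First issuance: publish the TXT value for order 1 and validate it.
    publish_txt(zone, DOMAIN, dns01_txt_value(ORDER_1_TOKEN, ACCOUNT_JWK))
    print("order 1 validates:", validate_dns01(zone, DOMAIN, ORDER_1_TOKEN, ACCOUNT_JWK))
    # Renewal with the same account: the old TXT record does not satisfy the new token.
    print("renewal validates with old record:",
          validate_dns01(zone, DOMAIN, ORDER_2_TOKEN, ACCOUNT_JWK))
    publish_txt(zone, DOMAIN, dns01_txt_value(ORDER_2_TOKEN, ACCOUNT_JWK))
    print("renewal validates after new record:",
          validate_dns01(zone, DOMAIN, ORDER_2_TOKEN, ACCOUNT_JWK))
    print(compare_renewals(ACCOUNT_JWK, ORDER_1_TOKEN, ORDER_2_TOKEN))
```

The `validate_dns01` step is the part worth keeping in an automation: running it against the live zone before asking the CA to validate catches stale records from the previous renewal and DNS propagation delays, which is where most "renewal worked last time but fails now" reports come from.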