I’m using acme.sh
client in order to issue and renew certificates using a dns-01 challenge, with manual addition of the DNS TXT records.
This certificate is valid for 8 FQDN.
If I fail to correctly update one of the TXT records, and updated correctly the first ones, then I have to reissue the certificate, update all the TXT records and renew it, hoping for the best. That’s because after that all the renewals fail on the first domain with «Challenge error: {"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: Response does not complete challenge","status": 400}
».
Is that an expected behaviour of the dns challenge? Are the TXT records used in the issuing moment valids for the renewall process, 1, 60 or 80 days after that moment?