Let’s say you duplicate the account key info to two hosts (say a pair of production web servers) - and duplicate the previously generated private key for the requested certs.
Issue LE cert renewal request on server 1 - and get the new cert.
Later - say the next day - you issue the same renewal on server 2 - which still has the old cert on it.
Does the LE/Boulder server handle this efficiently - and give server 2 the same cert as it did for server 1? Or does it force a new cert to be generated on your end?
I would expect this to be a common deployment model for redundant services when you don’t necessarily want to directly mirror config between them - setting them up in parallel, but with alternating maintenance windows. I would hate to see this common situation result in waste/overhead on the CA side.
If it’s not already supported, a nice feature would be some way of telling the API and the client “allow server side renewal cache window of X days” - to where it would send back the previously generated cert if it matches the private key signature and was generated within X days.