It's my own code, while I'm a #lowcode guy, the custom code is avoid a 1 hour per domain wait time due to my DNS provider's TTL because I'm using wildcard certs which requires DNS01.
Perhaps my question is, isn't the cert renewed based on my CSR (which is paired with my key)?
How is it that I end up with a cert that does not match the key?
PS I'm looking to see if I submitted a wrong CSR, but clarifying my understanding above will help alot.
Thank you.