I am using the DNS-01 challenge with the acme.sh client on a macOS computer running 4D 16.4.0. My hosting provider is DreamHost, and acme.sh uses the DreamHost DNS API to automate the process. It works great.
This 4D server is an internal database that we've made accessible from the web to XHR read/write from our actual DreamHost website using various RestAPI's such as Gravity Forms on WordPress.
The problem I seem to be having is that every month or so, before the certificate expires, the chain breaks with no other changes to the certificate files or webserver.
If I run various certificate checkers for fixing the issue, I get errors about intermediates missing and the full chain certificate not being present.
All it takes to fix this is for me to re-run my Terminal command, which is:
./acme.sh --issue --accountemail "firstname.lastname@example.org" --dns dns_dreamhost -d simon4d.bel.com --fullchain-file "/WebServerPath/cert.pem" --key-file "/WebServerPath/key.pem" --force
The script does it's thing and after restarting the webserver, the chain is fixed and it passes the certificate checkers.
Why would this break over time?