Switch from HTTP to DNS validation?

I relocated and my new internet provider blocks port 80, among others. Therefore I am considering switching to DNS-based validation, but I wonder whether this essentially requires reissuing all my certificates (a three-digit number) or whether I can switch them with a script.
I also created the DNS record manually for now, following the guide at https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-dns-validation-with-acme-dns-certbot-on-ubuntu-18-04, but does that have to be changed, and at what frequency, or is that kind of permanent?
Thanks, Joachim

2 Likes

Once a certificate is issued, it is no longer bound to the way it was obtained.
[not sure it ever even was - but that is subjective]

DNS TXT authentication records are not a permanent one-time entry.
Each time the ACME client makes a renewal request a new TXT record will be negotiated and must be placed (superseding the previous one) into the expected DNS record.
The frequency is directly linked to your renewal schedule.
Again, you can't possibly know the TXT record that will be required at the next renewal; so there is no way to put that information in there beforehand.
You need to read and better understand the DNS challenge type and how it is handled.
[which, in order to fully automate, requires that the DNS service provider allow for DNS updates via API]

3 Likes