I’m writing my own little ACME client, and it works quite well so far. It uses the DNS challenge in the staging environment. I’m able to create accounts and successfully issue and verify new certificates.
Now I want to implement the renewal functionality. But once an order has been finished, LE always provides the existing certificate, without re-validating the challenges. I know this is intended, but I want to test the renewal and therefore I need re-validation.
My understanding so far is: Protocol-wise there is no difference between issuing and renewal. When a cert is 60 days old, I get a new challenge. Am I wrong about this?
How do I force re-validation and therefore simulate renewal when my cert isn’t 60 days old?