First of all, I just discovered Let’s Encrypt and I love it.
Please be indulgent with my questions, as they might appear stupid to some, but I am just starting to get around the Let’s Encrypt mechanics.
- I need to install certificates on an appliance (NetScaler, not to mention it). I have installed certbot on a CentOS VM, and generated a certificate with the certonly and manual options. All is working great, but when I tried to renew the certificate (force-renew, also had to use the standalone option, otherwise I was getting an error), it fails. Why? Because while during creation I had time to configure the NetScaler with the validation token before pressing continue on the certbot side, renewal does not offer the same mechanic. The validation token changes, and as the NetScaler is still configured with the previous one, validation fails.
Is there a way to work around that?
- Based on the previous result, I went with the second way to renew a certificate as described in the Let’s Encrypt documentation, using certonly with the same domain name and the force-renewal option. Contrary to the renew option, I successfully had a break point after the validation token was generated, which allowed me to change the NetScaler side… except that the validation token did not change!!
Is this normal? Does it mean that if I use this method anytime before the certificate expiration, the validation token will not change? Or is there a number of days before it expires (I read 30 days somewhere, but it was unclear)?