Unable to issue ECDSA+RSA in ACMEv2 staging environment

Hi @jvgutierrez

I have to run to a meeting in a moment and can’t investigate this problem fully but based on the description I suspect your issuance process is depending on valid authorizations being reused.

In production if your account authorizes example.com with a DNS-01 challenge that valid authorization will be reused for a subsequent order for example.com (within 30d). E.g. two back-to-back orders, one challenge performed.

In staging we have valid authorization reuse disabled right now (I need to follow up on the context and whether we intended to revert that change and forgot). In staging the second order would have a pending authorization for example.com and a second challenge needs to be performed.

Understanding why this breaks your integration will require more digging. Perhaps your DNS provider doesn’t handle having two TXT records under the same label well and the 2nd stomps the first?

Authorization reuse is a Let’s Encrypt-specific optimization so I think there’s value in figuring out how to make sure your process works even when it is disabled. If you ever needed to switch to a different RFC 8555 ACME server you could encounter this again.

I hope the above gives you some foothold to debug from. I’ll try to circle back to this thread later to see if digging into the logs on our side will help shake out any other details.
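As an added illustration (not code from Let's Encrypt, Boulder, or the poster's integration), here is a toy Python model of the two-order flow described in the reply. The ACME server, the `tok…` challenge values and the DNS store are all constructed stand-ins; the point is that a client which handles each authorization by its status, and a DNS provider that keeps several TXT values under one label, work the same whether valid-authorization reuse is on (production) or off (staging).

```python
# Toy model of RFC 8555 order/authorization handling (added illustration, not
# Let's Encrypt's or any ACME client's code). The client only performs a
# challenge for authorizations that are still "pending", so it behaves the
# same whether or not the CA reuses valid authorizations.
from collections import defaultdict

class ToyAcmeServer:
    """Stand-in CA: reuse_valid=True mimics production, False mimics staging."""
    def __init__(self, reuse_valid):
        self.reuse_valid = reuse_valid
        self.valid_authz = set()       # identifiers with a valid authorization
        self.challenges_issued = 0

    def new_order(self, identifiers):
        """Return (identifier, status, token) for each authorization."""
        authz = []
        for ident in identifiers:
            if self.reuse_valid and ident in self.valid_authz:
                authz.append((ident, "valid", None))
            else:
                self.challenges_issued += 1
                authz.append((ident, "pending", f"tok{self.challenges_issued}"))
        return authz

    def validate(self, ident, token, dns):
        """DNS-01: the expected value must be among the TXT records at the
        _acme-challenge label (real ACME checks a key-authorization digest)."""
        if token in dns[f"_acme-challenge.{ident}"]:
            self.valid_authz.add(ident)
            return True
        return False

def issue(server, dns, identifiers):
    """Process one order; return how many challenges were actually performed."""
    performed = 0
    for ident, status, token in server.new_order(identifiers):
        if status == "valid":
            continue                             # reused authorization, skip
        dns[f"_acme-challenge.{ident}"].add(token)   # add, never replace
        if not server.validate(ident, token, dns):
            raise RuntimeError(f"challenge failed for {ident}")
        performed += 1
    return performed

def two_orders(reuse_valid):
    """Back-to-back orders for one name, e.g. an RSA and then an ECDSA cert."""
    server, dns = ToyAcmeServer(reuse_valid), defaultdict(set)  # set per label
    performed = sum(issue(server, dns, ["example.com"]) for _ in range(2))
    return performed, sorted(dns["_acme-challenge.example.com"])
```

With reuse enabled the second order needs no challenge; with it disabled a second TXT record is added next to the first and the second challenge still validates.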