Use staging server, registration/key mismatch on production, 403 error, rm keys, proceed.
gessel opened this issue
Testing on a domain with staging, say:
# acme-client -mvnsNC /usr/local/www/.well-known/acme-challenge fl4t.us www.fl4t.us
works fine. However, the cert is, unsurprisingly, not recognized (as expected) as it is staging.
Unfortunately
# acme-client -mvnFNC /usr/local/www/.well-known/acme-challenge fl4t.us www.fl4t.us
yields
acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized", "detail": "No registration exists matching provided key", "status": 403 }] (120 bytes)
and doesn't fix it - account key exists (not creating), domain key exists (not creating).
Removing the keys manually
# rm /usr/local/etc/acme/fl4t.us/privkey.pem
# rm /usr/local/etc/ssl/acme/private/fl4t.us/privkey.pem
and then
# acme-client -mvnFNC /usr/local/www/.well-known/acme-challenge fl4t.us www.fl4t.us
does, which is a fine workaround, but doesn't script as easily. It might be nice to have an option, maybe -R, to force regeneration of keys.
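One way to script the workaround described in this issue, as an added example (not acme-client's own code and not from the reporter): it retries only when the output contains the exact 403 "No registration exists matching provided key" error, and it moves the two key files aside instead of deleting them. The variable names, helper names and the `.stale.<epoch>` suffix are assumptions; the flags and default paths are the ones shown in the report.

```shell
#!/bin/sh
# Added example: scripts the manual workaround from the issue above.
# ACME_CMD, CHALLENGE_DIR, ACCT_DIR, DOMAIN_DIR and the function names are
# assumptions of this sketch; defaults mirror the paths used in the report.
ACME_CMD="${ACME_CMD:-acme-client}"
CHALLENGE_DIR="${CHALLENGE_DIR:-/usr/local/www/.well-known/acme-challenge}"
ACCT_DIR="${ACCT_DIR:-/usr/local/etc/acme}"
DOMAIN_DIR="${DOMAIN_DIR:-/usr/local/etc/ssl/acme/private}"

# True only for the failure in the report: unauthorized + no matching registration.
is_stale_registration() {
    grep -q 'urn:acme:error:unauthorized' "$1" &&
        grep -q 'No registration exists matching provided key' "$1"
}

# Move both privkey.pem files aside rather than rm, so a wrong guess can be
# rolled back. The retired files still hold private keys: remove them once
# the new certificate is confirmed working.
retire_keys() {
    stamp=$(date +%s)
    for key in "$ACCT_DIR/$1/privkey.pem" "$DOMAIN_DIR/$1/privkey.pem"; do
        if [ -f "$key" ]; then
            mv "$key" "$key.stale.$stamp"
        fi
    done
}

# Run once; on the stale-registration error only, retire keys and retry once.
# Any other failure leaves the keys untouched and is reported as-is.
issue_with_recovery() {
    log=$(mktemp) || return 1
    if $ACME_CMD -mvnFNC "$CHALLENGE_DIR" "$@" >"$log" 2>&1; then
        rm -f "$log"
        return 0
    fi
    if is_stale_registration "$log"; then
        rm -f "$log"
        retire_keys "$1"
        $ACME_CMD -mvnFNC "$CHALLENGE_DIR" "$@"
        return $?
    fi
    cat "$log" >&2
    rm -f "$log"
    return 1
}

if [ "$#" -gt 0 ]; then
    issue_with_recovery "$@"
fi
```

Invoke it with the primary domain first, followed by any alternate names, in the same order as on the acme-client command line.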