I think I found something.

At the very bottom of LE's FAQ page, https://letsencrypt.org/docs/faq
(under "I successfully renewed a certificate but validation . . ."), I
found:

Once you successfully complete the challenges for a domain, the
resulting authorization is cached for your account to use again
later. Cached authorizations last for 30 days from the time of
validation. If the certificate you requested has all of the necessary
authorizations cached then validation will not happen again until the
relevant cached authorizations expire.

In other words, the authorization cache is likely invalidating the tests I ran with the rewrite in place!

The more you overthink the plumbing, the easier it is to stop up the drain!

Last night, after I discovered this, I set an alarm for myself (using a 1970s-vintage Los Angeles County Fire Station alarm*, because it's impossible to ignore), to try another forced renewal next month, one month after the original certificate issuance, and see what happens. If the renewal fails, it will give me two months to solve the problem.

__
* FWIW, one of many online copies of the Station 51 alarm (from "Emergency!") can be found at
https://tvshrine.com/Emergency/ebuzzer.wav

____
JHHL
