When testing a acme client I always start with a staging cert to avoid the letsencrypt rate limiter.
Once I know everything is working I then switch to the production cert.
The problem is that lets encrypt fails to obtain the production certificate because it tries to use the existing staging account under the /etc/letsencrypt/live directory.
The cause for the failure is non-obvious.
I think we should look to have separate paths for the production and staging account.
When testing a acme client I always start with a staging cert to avoid the letsencrypt rate limiter.
Once I know everything is working I then switch to the production cert.
The problem is that lets encrypt fails to obtain the production certificate because it tries to use the existing staging account under the /etc/letsencrypt/live directory.
The cause for the failure is non-obvious.
I think we should look to have separate paths for the production and staging account.
Perhaps:
/etc/letsencrypt/live/staging /etc/letsencrypt/live/production
This would make testing easier as a dev an move between staging and production certs without worrying about cleaning up the old accounts.