Do not revalidate authorizations on forced renewal

This commit introduces a new cli argument `--force-validation` which, when used in combination with `--force` ignores valid domain authorizations and forces a revalidation. This has been implemented since at least LE seems to have changed some behavior on valid authorizations. Only the previously validated authorization-type is reusable, causing dehydrated to error out when changing from recently validated authorization types while still trying to force-renew certificates for whatever reason (e.g. changing algorithms).
2026-04-24 17:28:29 +02:00 · 2020-12-12 03:01:47 +01:00
parent 29b67962ac
commit 316054ad1c
3 changed files with 20 additions and 4 deletions
--- a/README.md
+++ b/README.md
@@ -74,6 +74,7 @@ Parameters:
 --alias certalias                Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified)
 --keep-going (-g)                Keep going after encountering an error while creating/renewing multiple certificates in cron mode
 --force (-x)                     Force renew of certificate even if it is longer valid than value in RENEW_DAYS
+ --force-validation               Force revalidation of domain names (used in combination with --force)
 --no-lock (-n)                   Don't use lockfile (potentially dangerous!)
 --lock-suffix example.com        Suffix lockfile name with a string (useful for with -d)
 --ocsp                           Sets option in CSR indicating OCSP stapling to be mandatory