Open
Description
When the MDCertificateAuthority
setting of a managed domain is changed from Let's Encrypt staging (https://acme-staging-v02.api.letsencrypt.org/directory
) to Let's Encrypt production (https://acme-v02.api.letsencrypt.org/directory
), mod_md does not fetch a new certificate.
mod_md continues to use the certificate from LE's staging environment. The problem is that browsers don't trust this certificate, they only trust certificates from LE's production environment.
I think mod_md should discard existing certificates for a managed domain if MDCertificateAuthority
has changed.