ACME using "old" ("unconfigured") keys - specific case GANDI_LIVEDNS_TOKEN

[le_top]

Long story short: when changing the challenge type for a previously configured challenge the original values are still stored and interfere with the configuration we desire to apply.

In my case, I had updated a "Gandi LiveDNS" Challenge to a DNS-01 challenge for OVH.


I determined that an old token was used after setting the acme debug level to debug3 and checking the authentication value.


Based on this Forum reply , I checked the files under
/var/etc/acme-client/accounts/*/account.conf .

In one of these files I did indeed file the old token that was wrongfully used. 

Code Select Expand

SAVED_OVH_AK='<some_ak>'
SAVED_OVH_AS='<some_as>'
SAVED_OVH_CK='<some_ck>'
GANDI_LIVEDNS_TOKEN='<oldtoken>'
After removing that last line (GANDI_LIVEDNS_TOKEN=) I finally could regenerate the token.


The better solution would be that only the required configuration is loaded for acme.sh of course.