acme-client

Use staging server, registration/key mismatch on production, 403 error, rm keys, proceed.

Open gessel opened this issue 8 years ago • 0 comments

Testing on a domain with staging, say:

# acme-client -mvnsNC /usr/local/www/.well-known/acme-challenge fl4t.us www.fl4t.us

works fine. However, the cert is, unsurprisingly, not recognized (as expected) as it is staging.

Unfortunately

# acme-client -mvnFNC /usr/local/www/.well-known/acme-challenge fl4t.us www.fl4t.us

yields

acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized", "detail": "No registration exists matching provided key", "status": 403 }] (120 bytes)

and doesn't fix it - account key exists (not creating), domain key exists (not creating).

Removing the keys manually

# rm /usr/local/etc/acme/fl4t.us/privkey.pem
# rm /usr/local/etc/ssl/acme/private/fl4t.us/privkey.pem

and then

# acme-client -mvnFNC /usr/local/www/.well-known/acme-challenge fl4t.us www.fl4t.us

Does, which is a fine workaround, but doesn't script as easily. It might be nice to have an option, maybe -R, to force regeneration of keys.

gessel, Dec 05 '17 00:12
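
The manual workaround from the issue above, scripted as an added example (not part of the original post or of acme-client itself). It resets the keys only when the output contains the exact 403 registration error quoted in the issue, and it moves the keys aside rather than deleting them, which is a choice made here. The function names and the `KEY_ROOT` and `ACME_CLIENT` override variables are hypothetical; the flags and key paths are the ones quoted in the issue.

```shell
#!/bin/sh
# Added example: scripts the manual workaround described in the issue.
# Key paths and acme-client flags are copied from the issue text; the
# function names and the KEY_ROOT / ACME_CLIENT overrides are hypothetical.

DOMAIN="fl4t.us"
ALTNAMES="www.fl4t.us"
CHALLENGE_DIR="/usr/local/www/.well-known/acme-challenge"
KEY_ROOT="${KEY_ROOT:-}"                  # path prefix for dry runs; empty on a real host
ACME_CLIENT="${ACME_CLIENT:-acme-client}"

# True only for the specific 403 shown in the issue, so unrelated
# failures never trigger a key reset.
is_registration_mismatch() {
    printf '%s\n' "$1" | grep -q 'urn:acme:error:unauthorized' &&
    printf '%s\n' "$1" | grep -q 'No registration exists matching provided key'
}

# Move both private keys aside (instead of rm) so the old keys stay recoverable.
set_keys_aside() {
    stamp=$(date +%Y%m%d%H%M%S)
    for key in "$KEY_ROOT/usr/local/etc/acme/$DOMAIN/privkey.pem" \
               "$KEY_ROOT/usr/local/etc/ssl/acme/private/$DOMAIN/privkey.pem"; do
        [ -f "$key" ] || continue
        mv "$key" "$key.staging-$stamp" && chmod 600 "$key.staging-$stamp"
    done
}

# Run the production request; on the registration mismatch, set the
# keys aside and retry exactly once. Any other failure is reported as-is.
issue_with_key_reset() {
    out=$("$ACME_CLIENT" -mvnFNC "$CHALLENGE_DIR" "$DOMAIN" $ALTNAMES 2>&1) && return 0
    if is_registration_mismatch "$out"; then
        set_keys_aside
        "$ACME_CLIENT" -mvnFNC "$CHALLENGE_DIR" "$DOMAIN" $ALTNAMES
        return $?
    fi
    printf '%s\n' "$out" >&2
    return 1
}
```

Calling `issue_with_key_reset` from a cron job or deployment script performs the request and, if needed, the one-time reset.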