On 2018-03-16, Michael Hekeler <mich...@hekeler.com> wrote: >> Hi, >> >> thanks for the samples I will give it a try but wondering why >> acme-client still works even httpd is not serving any kind of >> location for a challenge exchange? > > acme_client(1) is only working if a file could be created within a > directory accessible by a locally-run web server.
acme-client can only validate an authorization that way. but for a forced renewal for something that's already active, there's likely to already be a validated authorization on the letsencrypt account, in which case it wouldn't need to revalidate. >> Like I said I stoped httpd >> intirely and still got a new certificate with acme-client. > > if you really stopped httpd and there is still something listening then > there is another webserver process running. > You can check locally with netstat(1) or 'ps -aux' fstat is better, it will tell you the pid.