
AWS API Gateway and Let’s Encrypt SSL Certs - talawahdotnet
https://medium.com/quote-unquote-serverless/aws-api-gateway-lets-encrypt-ssl-certs-b6841bf570a4
======
tialaramex
"once you have completed the verification process for a given sub-domain you
do not need to go through the same process again to issue a new certificate"

Authz (the ACME terminology for a data structure recording that your account
is validated for a particular FQDN) have finite lifetime, right now it's 90
days, long enough to get one default renewal but it is expected to shorten to
seven days or less at some point.

So, you should still expect to re-do the DNS validation challenge a few times
per year.

