Both scripts currently compare the serial number of the currently installed and available certificate to determine if a certificate needs to be updated. Based on the assumption that the serial numbers are integers and always incremented, it determines that a certificate is newer if it's serial number is higher than the old one. This does not hold true for the certificates issued by Let's Encrypt. Since in this scenario, acmetool is the authoritative source for certificates anyway I think it's safe to assume that if the value of the serial differs from the currently installed one, it is newer and should be replaced.
Both scripts currently compare the serial number of the currently installed and available certificate to determine if a certificate needs to be updated. Based on the assumption that the serial numbers are integers and always incremented, it determines that a certificate is newer if it's serial number is higher than the old one. This does not hold true for the certificates issued by Let's Encrypt. Since in this scenario, acmetool is the authoritative source for certificates anyway I think it's safe to assume that if the value of the serial differs from the currently installed one, it is newer and should be replaced.
Helmut Pozimski
Both scripts currently compare the serial number of the currently installed and available certificate to determine if a certificate needs to be updated. Based on the assumption that the serial numbers are integers and always incremented, it determines that a certificate is newer if it's serial number is higher than the old one. This does not hold true for the certificates issued by Let's Encrypt. Since in this scenario, acmetool is the authoritative source for certificates anyway I think it's safe to assume that if the value of the serial differs from the currently installed one, it is newer and should be replaced.