Improvement: Retry logic #792

Open
lukas2511 opened this issue Dec 10, 2020 · 1 comment
@lukas2511

Dehydrated currently doesn't have retry logic and just aborts after a single failure (or just continues with the next certificate).

There have been several tickets about this issue; this one should consolidate those tickets and serve as a reference point for future quick-closes.

@Exagone313

Exagone313 commented Jun 11, 2021

I've had an issue for a while (a few months) where dehydrated fails to renew the certificates due to issues with Let's Encrypt's own DNS resolver, that randomly fails to resolve CAA records (even for top-level domains sometimes).

The definitive fix is implementing a retry logic. This is not something I would write naively, it needs at the very least to be considerate with rate limits.

Here is a partial result output, so that this issue appears in searches.

{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "During secondary validation: DNS problem: query timed out looking up CAA for xyz",
    "status": 400
  }
}

The workaround I have is to run dehydrated more often than before, hoping a next run will have more luck.
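
Added example, not part of the thread and not dehydrated code: a wrapper that retries a run only when its output contains the `urn:ietf:params:acme:error:dns` error type quoted above, with a capped attempt count and exponential backoff so retries stay considerate of rate limits. `MAX_ATTEMPTS`, `BASE_DELAY`, `SLEEP_CMD` and both function names are assumptions made for this sketch, as is the premise that the error JSON reaches the command's output.

```shell
#!/usr/bin/env bash
# Added example (not dehydrated code): bounded retry around one dehydrated run.
# MAX_ATTEMPTS, BASE_DELAY and SLEEP_CMD are names invented for this sketch.

# Transient means the ACME DNS error type quoted in the issue is in the output.
is_transient_failure() {
  case "$1" in
    *urn:ietf:params:acme:error:dns*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: run_with_retry dehydrated --cron
# Returns 0 on success, 1 on a non-transient failure, 2 when attempts run out.
run_with_retry() {
  local max="${MAX_ATTEMPTS:-3}" delay="${BASE_DELAY:-300}"
  local sleep_cmd="${SLEEP_CMD:-sleep}" attempt=1 output status
  while :; do
    if output="$("$@" 2>&1)"; then status=0; else status=$?; fi
    printf '%s\n' "$output"
    if is_transient_failure "$output"; then
      # Checked before the exit status: a run that continues with the next
      # certificate may still exit 0 (assumption about the caller's setup).
      if [ "$attempt" -ge "$max" ]; then
        echo "attempt $attempt: still failing, giving up to respect rate limits" >&2
        return 2
      fi
      echo "attempt $attempt: transient DNS error, retrying in ${delay}s" >&2
      "$sleep_cmd" "$delay"
      delay=$((delay * 2))
      attempt=$((attempt + 1))
      continue
    fi
    [ "$status" -eq 0 ] && return 0
    echo "attempt $attempt: non-transient failure (exit $status), not retrying" >&2
    return 1
  done
}
```

Any other failure returns immediately, so a genuine misconfiguration is not retried against the CA.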
