About requests and TXT records


#1

Hi, let’s say that I request certs for example.com, www.example.com and mail.example.com using DNS-01.

Let’s say that I make a new request, Let’s Encrypt ask me to add the new TXT records, is there a way to use the previous TXT records?

Thanks in advance!


#2

Hi @sebelk,

I don’t believe this is possible. The ACME specification section on DNS challenges describes the token parameter that is the input for how your client calculates the required TXT records as a “random value that uniquely identifies the challenge”. Since the token would differ between two DNS challenges, the TXT record would differ as well.

With that said, an authorization (DNS, HTTP, or otherwise) is valid for 90 30 days (eventually this will be reduced towards ~7days). What this means is that as a product of authorization reuse if you successfully complete a DNS challenge with your account today, you could issue a new certificate containing the authorized domain without needing to do any TXT record manipulation for 90 30 days. Perhaps this helps meet the use case you’re trying to solve by reusing the TXT record?

Hope this helps!

Edit: This old post is getting more traffic so I’ve updated the authorization lifetime from 90d to 30d to reflect where we’re at on 2018-03-07


#3

Thanks @cpu,

My problem is that I’ve added txt records and it seems that it doesn’t accept them:

Challenge error: {"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: Response does not complete challenge","status": 400}

I don’t understand why… because of that I thought that perhaps is asking me for earlier records…

Thanks in advance


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.