I have been experimenting with getting Let’s Encrypt to use wildcard certificates and have been using the win-acme tool with the Dreamhost plugin.
I bought a new domain from Dreamhost, got the Api-Key and set it all up.
The process (sort of) works. The challenge is made and a TXT record is correctly created. Then the request to authorize is made and it usually fails.
The reason is that Dreamhost have 3 nameservers and when the record is added, it must add it to one server, then have a background process to sync.
So, if the ACME authorization process does not find it on the nameserver #1, it rejects it… but the TXT file is present on the nameserver #2 or #3.
If another attempt is made, the code changes and sometimes it finds the TXT, but it’s the previous code… or maybe it just gets lucky and hits the right server.
Dreamhost cannot be the only DNS provider with an API that has background processes to synchronize the DNS records between nameservers and so surely the ACME authorization process should attempt to look for the record on ALL nameservers for a domain? This would solve the problem and be more resilient on their side.
At the moment, I’m thinking all I can do is add a 5 or 10 minute sleep process after adding the record into the plugin and let it wait until that’s done, or is someone aware of another solution? Bearing in mind I won’t know which nameserver will receive the update.
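As an added example (not from the original post, win-acme or the Dreamhost plugin), here is the check a plugin could run instead of a fixed sleep: it queries every authoritative nameserver directly and only proceeds once all of them serve the current challenge token, treating a server that still holds the previous token as not ready. The real lookup assumes dnspython is installed; the nameserver addresses and record name below are placeholders.

```python
import time
from typing import Callable, Iterable, List, Set

# A lookup takes (nameserver IP, record name) and returns the TXT strings that
# this one server currently serves for the name (empty set if it has none).
TxtLookup = Callable[[str, str], Set[str]]


def dnspython_txt_lookup(nameserver: str, name: str) -> Set[str]:
    """Ask a single authoritative server directly, bypassing any recursive
    resolver cache. Assumes dnspython is installed (pip install dnspython)."""
    import dns.exception
    import dns.resolver
    resolver = dns.resolver.Resolver(configure=False)
    resolver.nameservers = [nameserver]  # must be an IP address
    try:
        answer = resolver.resolve(name, "TXT")
    except dns.exception.DNSException:
        return set()
    return {b"".join(rdata.strings).decode() for rdata in answer}


def missing_nameservers(nameservers: Iterable[str], name: str, token: str,
                        lookup: TxtLookup) -> List[str]:
    """Nameservers that do not yet serve the current token. A server that only
    has the token from a previous attempt is still missing: that is the
    stale-record case from the post."""
    return [ns for ns in nameservers if token not in lookup(ns, name)]


def wait_for_propagation(nameservers: List[str], name: str, token: str,
                         lookup: TxtLookup = dnspython_txt_lookup,
                         timeout: int = 600, interval: int = 15,
                         sleep: Callable[[float], None] = time.sleep) -> int:
    """Poll until every nameserver serves `token`; return the number of polls
    needed, or raise TimeoutError naming the servers that are still lagging."""
    attempts = max(1, timeout // interval)
    for attempt in range(1, attempts + 1):
        lagging = missing_nameservers(nameservers, name, token, lookup)
        if not lagging:
            return attempt
        if attempt < attempts:
            sleep(interval)
    raise TimeoutError(f"{name} not served by {lagging} after {timeout}s")


if __name__ == "__main__":
    # Placeholder addresses (documentation range); use the zone's real NS set.
    servers = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
    polls = wait_for_propagation(servers, "_acme-challenge.example.com", "TOKEN")
    print(f"record visible on all {len(servers)} servers after {polls} poll(s)")
```

Only after `wait_for_propagation` returns should the plugin hand control back to the ACME client, so the validation request is never sent while any nameserver is behind.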