AutoSSL and DNS Validity period


#1

Hi All,

My hosting is using AutoSSL with Let’s Encrypt.

Because my website is behind a CDN, I can’t use HTTP validation.
I’m trying to use the TXT DCV DNS validation to renew my certificate.

But every time I click AutoSSL to run, the TXT challenge keeps changing, which makes the TXT record that I put into the DNS invalid.

Click AutoSSL --> Validation failed with the TXT challenge written on the error --> I change the DNS record to the TXT challenge written in the log --> Click AutoSSL again --> the TXT changed again

As far as I know, previously it took hours or days before the TXT challenge changed, right? Now it changes on every click.

Is the problem with the Let’s Encrypt server, or with the AutoSSL configuration on my hosting server?


#2

Hi,

Every time you request a new challenge (start a new order), the challenge is refreshed… (which means the old order will not be in effect)

Thank you


#3

I believe that AutoSSL is not compatible with setting the TXT record manually. It would only work if the control panel has a way to set it automatically from software. If I understand properly what’s happening, the validation has already failed by the time you see the message from AutoSSL with a TXT record value (in which case that value is already invalid when you see it, and will never be valid again).

The reason that the TXT record is shown in the log is probably to help debug problems with automated certificate issuance systems, rather than to request that you manually post that TXT value.


#4

My understanding:
If AutoSSL fails the DCV validation check (for HTTP validation) by the plugin (self-check), it will also try to pull a TXT validation, set it inside cPanel DNS, and try to complete the challenge via DNS validation.
If both fail, AutoSSL on cPanel (at TLS/SSL Status) will show the error (DCV and TXT failed …)…

And it’s surely too late.


#5

Are you using Cloudflare as your CDN?

Thank you