When trying to obtain a wildcard cert including the base domain as well as *., certbot asks the user to create two TXT records, in sequence, but with the same name.

The problem is that it’s not clear (to me at least) whether I should overwrite the _acme-challenge TXT record, or create another one with the same name but the second challenge string generated by certbot, or append the second challenge string to the first.
I’m a webdev and not a DNS expert, and in most systems, IDs like _acme-challenge tend to be unique. My instinct was to overwrite the first value for the _acme-challenge TXT record. Then I saw various forum posts saying that you need to create one TXT record with both values (separated by a newline?). On the other hand, creating two separate TXT records with the same name was (surprisingly to me) possible (on DigitalOcean).
I’m still confused, still haven’t managed to get the cert, and I think there’s room for improved clarity here. One shouldn’t need to be a DNS expert to use certbot, right?
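The following is an added example, not part of the post above and not certbot's own code. It models what the CA does on the validation side for a DNS-01 challenge (RFC 8555 §8.4: compute base64url(SHA-256(token "." account-key-thumbprint)), query every TXT record at _acme-challenge.<name>, and accept if any one of them equals that value) and runs the three layouts the post asks about against two challenges. The account key, the two tokens and the DNS answers are constructed sample data, and `dns01_validates` is a simplified model of the CA's check, not a real resolver.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """base64url without padding, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required JWK members only,
    serialized as JSON with keys sorted and no whitespace."""
    required = {k: jwk[k] for k in ("crv", "kty", "x", "y")}  # EC key members
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 s8.4: the TXT value the CA expects is
    base64url(SHA-256(token + "." + thumbprint)); always 43 characters."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def dns01_validates(txt_rrset, expected: str) -> bool:
    """Model of the CA's check (not a real DNS lookup): it fetches ALL TXT
    records at the challenge name and succeeds if ANY record matches."""
    return any(rdata == expected for rdata in txt_rrset)


# Constructed sample account key (values taken from the RFC 7515 example EC key;
# only hashed here, never used for signing).
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
}
THUMB = jwk_thumbprint(ACCOUNT_JWK)

# Constructed sample tokens: the CA issues one per authorization, so an order
# for example.com + *.example.com yields two tokens and two TXT values that
# must BOTH be visible at the same owner name, _acme-challenge.example.com.
TOKEN_BASE = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
TOKEN_WILD = "DGyRejmCefe7v4NfDGDKfA9Vz1XqJj2y3pS7uQw0xYk"
EXPECTED_BASE = dns01_txt_value(TOKEN_BASE, THUMB)
EXPECTED_WILD = dns01_txt_value(TOKEN_WILD, THUMB)


def check_zone_layouts() -> dict:
    """Try each way of publishing the two values and report whether BOTH
    authorizations would validate. Each list is the constructed TXT RRset
    the CA's resolver would see at _acme-challenge.example.com."""
    layouts = {
        # second value replaced the first: only the wildcard challenge passes
        "overwrite": [EXPECTED_WILD],
        # one record holding both strings: equals neither expected value
        "concatenate": [EXPECTED_BASE + "\n" + EXPECTED_WILD],
        # two TXT records with the same owner name: each challenge finds its own
        "two_records": [EXPECTED_BASE, EXPECTED_WILD],
    }
    return {
        name: dns01_validates(rrs, EXPECTED_BASE) and dns01_validates(rrs, EXPECTED_WILD)
        for name, rrs in layouts.items()
    }


if __name__ == "__main__":
    print("expected TXT for base domain:", EXPECTED_BASE)
    print("expected TXT for wildcard:   ", EXPECTED_WILD)
    for layout, ok in check_zone_layouts().items():
        print(f"{layout:12s} both authorizations valid: {ok}")
```

A DNS name can own any number of TXT records, so publishing two records at _acme-challenge.example.com is ordinary DNS, not a provider quirk. To confirm what the CA's resolver will see before telling certbot to continue, query the public name with `dig +short TXT _acme-challenge.example.com` and check that both 43-character values come back as separate records; remember that a record you just changed may still be cached at its old TTL.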