For the ACME v2 DNS-01 Challenge we all know "ACME client a token, your client will create a TXT record derived from that token and your account key, and put that record at _acme-challenge.<YOUR_DOMAIN>."
But will the ACME v2 DNS-01 Challenge allow for more than just the DNS TXT record for _acme-challenge.<YOUR_DOMAIN>?
Can I have a DNS A Record and a DNS TXT Record for _acme-challenge.<YOUR_DOMAIN> without issue for the ACME v2 DNS-01 Challenge?
I have the Domain zjhzcrxvjcidp.ml, and I have created both TXT and A records for _acme-challenge.zjhzcrxvjcidp.ml.
I just picked Google's 8.8.8.8 IPv4 Address for the DNS A Record.
And for the TXT Record the string _acme-challenge goes here.
nslookup can query each of them successfully.
If I were to try a DNS-01 Challenge and update the _acme-challenge.zjhzcrxvjcidp.ml TXT field with the Challenge Token, should the challenge succeed?
Or am I violating ACME v2 DNS-01 Challenge requirements?
(if so, how? a description or a URL to a document, etc)
The spec says that the ACME server will "Query for TXT records for the validation domain name", so I don't see why other records for that name would be relevant, whether there or not.
Be aware that the concept of "v2" is just Let's Encrypt's API versioning, due to them starting things before ACME was all standardized; by now there's just the relevant RFCs, which don't really have version numbers in that way, as best as I understand it.
Yeah, I mean you could always try against LE Staging, Pebble, and maybe even some actual CAs if you want to see how it works in practice, rather than relying on my quick glancing through the spec.
I believe you can also have multiple completing TXT records as well. IIRC, Let's Encrypt will inspect all the DNS records for a match, but some providers will only support one or their own maximum number of records.
Since I was doing it all manually with https://gethttpsforfree.com/, I just had 1 TXT Record that I edited and updated (and waited for propagation), and for the second challenge I just re-edited the TXT Record again.
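The check discussed in this thread, as an added example that is not part of any post or of any CA's code: it derives the DNS-01 TXT value as RFC 8555 section 8.4 and RFC 7638 define it, then validates a record set in which the name also carries an A record and an unrelated TXT record. The account key, token and record layout are constructed sample data; only the domain, the 8.8.8.8 address and the placeholder TXT string come from the question.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    """base64url without padding, as used by ACME and JWK thumbprints."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 8.4: TXT value = b64url(SHA-256(token + "." + thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def validate_dns01(records, domain, token, account_jwk) -> bool:
    """Server-side check: only TXT records at the validation name are read,
    and one matching value among them is enough."""
    name = f"_acme-challenge.{domain}".lower().rstrip(".")
    expected = dns01_txt_value(token, account_jwk).encode("ascii")
    txt = [r["data"] for r in records
           if r["type"] == "TXT" and r["name"].lower().rstrip(".") == name]
    return any(hmac.compare_digest(v.encode("utf-8"), expected) for v in txt)

# Constructed sample data: not a real account key or CA-issued token.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "constructed-x", "y": "constructed-y", "kid": "not-hashed"}
TOKEN = "constructed-token-0123456789"
DOMAIN = "zjhzcrxvjcidp.ml"
NAME = f"_acme-challenge.{DOMAIN}"

def sample_zone(with_challenge: bool) -> list:
    """The question's setup: an A record and a leftover TXT at the same name."""
    zone = [{"name": NAME, "type": "A", "data": "8.8.8.8"},
            {"name": NAME, "type": "TXT", "data": "_acme-challenge goes here"}]
    if with_challenge:
        zone.append({"name": NAME, "type": "TXT",
                     "data": dns01_txt_value(TOKEN, ACCOUNT_JWK)})
    return zone

if __name__ == "__main__":
    print("TXT value to publish:", dns01_txt_value(TOKEN, ACCOUNT_JWK))
    print("A + stale TXT + challenge TXT:",
          validate_dns01(sample_zone(True), DOMAIN, TOKEN, ACCOUNT_JWK))
    print("A + stale TXT only:",
          validate_dns01(sample_zone(False), DOMAIN, TOKEN, ACCOUNT_JWK))
```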