I did - I see that the name server update worked.
For example, I skip "clean_challenge":
# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
Unknown hook "this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script"
Unknown hook "startup_hook"
Processing *.starline.ru
Unknown hook "this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script"
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for starline.ru
+ 1 pending challenge(s)
+ Deploying challenge tokens...
deploy_challenge: deploy_challenge
deploy_challenge: starline.ru
deploy_challenge: q6ZUOKHlWFIyzN5nyKMDC5mO_jzrGCwNyLEU8bApbTI
deploy_challenge: h8mJSiCEuipttSCQMltOrZvCCnf2n9PC8TD6I-syFLI
/etc/bind/zones/starline.ru:8: using RFC1035 TTL semantics
zone starline.ru/IN: loaded serial 2020053102
OK
+ Responding to challenge for starline.ru authorization...
Unknown hook "invalid_challenge"
+ Cleaning challenge tokens...
clean_challenge: clean_challenge
clean_challenge: starline.ru
clean_challenge: q6ZUOKHlWFIyzN5nyKMDC5mO_jzrGCwNyLEU8bApbTI
clean_challenge: h8mJSiCEuipttSCQMltOrZvCCnf2n9PC8TD6I-syFLI
+ Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:dns",
"detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.starline.ru - check that a DNS record exists for this domain",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4919149486/QuWH_A",
"token": "q6ZUOKHlWFIyzN5nyKMDC5mO_jzrGCwNyLEU8bApbTI"
})
exit_hook: exit_hook
exit_hook: Challenge
exit_hook: is
exit_hook: invalid!
exit_hook: (returned:
exit_hook: invalid)
exit_hook: (result:
exit_hook: {
exit_hook: "type":
exit_hook: "dns-01",
exit_hook: "status":
exit_hook: "invalid",
exit_hook: "error":
exit_hook: {
exit_hook: "type":
exit_hook: "urn:ietf:params:acme:error:dns",
exit_hook: "detail":
exit_hook: "DNS
exit_hook: problem:
exit_hook: NXDOMAIN
exit_hook: looking
exit_hook: up
exit_hook: TXT
exit_hook: for
exit_hook: _acme-challenge.starline.ru
exit_hook: -
exit_hook: check
exit_hook: that
exit_hook: a
exit_hook: DNS
exit_hook: record
exit_hook: exists
exit_hook: for
exit_hook: this
exit_hook: domain",
exit_hook: "status":
exit_hook: 400
exit_hook: },
exit_hook: "url":
exit_hook: "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4919149486/QuWH_A",
exit_hook: "token":
exit_hook: "q6ZUOKHlWFIyzN5nyKMDC5mO_jzrGCwNyLEU8bApbTI"
exit_hook: })
As you can see - status "invalid".
But the record is present on all authoritative NS:
$ cat ./check-challenge.sh
#!/usr/bin/env bash
nslist="ns8-l2.nic.ru.
ns3.ultrastar.ru.
ns.ultrastar.ru.
ns4-cloud.nic.ru.
ns2.ultrastar.ru.
ns4-l2.nic.ru.
ns8-cloud.nic.ru."
while true; do
    echo "-- check _acme-challenge --"
    for ns in $nslist; do
        echo -en "$ns:\t\t"
        dig +noall +answer -t TXT _acme-challenge.starline.ru "@${ns}"
    done
    sleep 5
done
$ ./check-challenge.sh
-- check _acme-challenge --
ns8-l2.nic.ru.: _acme-challenge.starline.ru. 60 IN TXT "h8mJSiCEuipttSCQMltOrZvCCnf2n9PC8TD6I-syFLI"
ns3.ultrastar.ru.: _acme-challenge.starline.ru. 60 IN TXT "h8mJSiCEuipttSCQMltOrZvCCnf2n9PC8TD6I-syFLI"
ns.ultrastar.ru.: _acme-challenge.starline.ru. 60 IN TXT "h8mJSiCEuipttSCQMltOrZvCCnf2n9PC8TD6I-syFLI"
ns4-cloud.nic.ru.: _acme-challenge.starline.ru. 60 IN TXT "h8mJSiCEuipttSCQMltOrZvCCnf2n9PC8TD6I-syFLI"
ns2.ultrastar.ru.: _acme-challenge.starline.ru. 60 IN TXT "h8mJSiCEuipttSCQMltOrZvCCnf2n9PC8TD6I-syFLI"
ns4-l2.nic.ru.: _acme-challenge.starline.ru. 60 IN TXT "h8mJSiCEuipttSCQMltOrZvCCnf2n9PC8TD6I-syFLI"
ns8-cloud.nic.ru.: _acme-challenge.starline.ru. 60 IN TXT "h8mJSiCEuipttSCQMltOrZvCCnf2n9PC8TD6I-syFLI"
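
A bounded variant of the check script above, as an added example that is not part of the original post: it compares each server's answer with the expected TXT value and returns a status instead of looping forever, so a hook could call it after deploying the record. `QUERY`, `INTERVAL`, `stub_query` and the `*.example.` names are assumptions of this example; the stub stands in for `dig` so the demo runs offline.

```shell
#!/usr/bin/env bash
# Added example. QUERY, INTERVAL and the *.example. names are assumptions.

# Default lookup: one TXT query against one server, short output.
query_dig() {
    dig +short -t TXT "$1" "@$2"
}

# True only if server $3 returns exactly TXT value $2 for name $1.
ns_has_txt() {
    "${QUERY:-query_dig}" "$1" "$3" | tr -d '"' | grep -Fxq -- "$2"
}

# wait_for_txt NAME VALUE TRIES NS...
# Polls until every listed server returns VALUE, for at most TRIES rounds.
wait_for_txt() {
    local name="$1" want="$2" tries="$3" missing ns
    shift 3
    while [ "$tries" -gt 0 ]; do
        missing=""
        for ns in "$@"; do
            if ! ns_has_txt "$name" "$want" "$ns"; then
                missing="$missing $ns"
            fi
        done
        if [ -z "$missing" ]; then return 0; fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "${INTERVAL:-5}"; fi
    done
    echo "TXT value not served by:$missing" >&2
    return 1
}

# Constructed stand-in for dig so the demo runs offline:
# ns2.example. has not loaded the record yet and answers with nothing.
stub_query() {
    case "$2" in
        ns2.example.) ;;
        *) echo '"constructed-txt-value"' ;;
    esac
}

demo() {
    QUERY=stub_query INTERVAL=0
    wait_for_txt _acme-challenge.example. constructed-txt-value 2 \
        ns1.example. ns2.example. ns3.example. \
        && echo "ready" || echo "not ready"
}
demo
```

With `QUERY` unset the functions call `dig` directly; the exact-match comparison (`grep -Fx`) means a stale TXT value left over from an earlier run counts as missing.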