DNS challenge, is an update to DNS required?

tommy-grow · November 1, 2020, 10:45pm

Hey guys,

I am implementing letsencrypt/certbot via DNS challenge. However during the process I noticed that "apparently" each time the renewal job is ran it will generate a new DNS record which will need to be updated.

I would like to know if this is actually correct? As I have seen non official guides that advise of plugins etc to use so route53 can be updated automatically.

Reason for this question is that my manager needs confirmation that this is indeed actually true that DNS needs to be updated per each renewal.

Thanks

Tom

_az · November 1, 2020, 10:50pm

One way or another, a new TXT record must be deployed at every renewal.

When using the Certbot Route53 plugin, it will be done for you automatically and no human intervention is required.

JuergenAuer · November 1, 2020, 10:50pm

Hi @tommy-grow

yes, that's required.

A validation is cached 30 days and re-used.

So if you renew a certificate every 60 days, you will have a new TXT entry.

tommy-grow · November 1, 2020, 11:03pm

Hey @JuergenAuer thanks for this.

system · December 1, 2020, 11:03pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.