DNS problem: NXDOMAIN looking up TXT for _acme-challenge.vadim.com.ru - check that a DNS record exists for this domain

@Volkodav There is nothing we can do about your poor DNS behavior. We have seen odd things before with Yandex. You should try the HTTP Challenge methods or switch DNS providers.

Or, maybe try 1H or even longer DNS sleep. The TXT record must propagate through all the DNS Servers Yandex uses. Just because you see it on a panel doesn't mean that has happened.

4 Likes

@MikeMcQ HTTP Challenge methods vs wildcard - what is the major difference between the two? Am I going to be missing something in terms of security?

"Wildcard" describes the name in the cert. You are not using a wildcard name today so you could use the HTTP method to get your same cert.

Wildcards are used when people have many subdomain name that change regularly. If you just use one or a small number of names that don't change much it is often easier to use HTTP Challenge.

There is no difference in security between a cert with a wildcard name and one that does not have a wildcard name.

3 Likes

@MikeMcQ Thanks for your help !Well then it makes sense to do http instead like so:
acme.sh --issue -d example.com -w /home/wwwroot/example.com or
acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com

2 Likes

At the last attempt I set 2Hrs sleep time and it worked. I am really grateful for your help.

1 Like

If Iā€™d had an idea of how long (I mean really long) the sleep time should have been set this would have been resolved nice and quick. Two good advices! Thank you

2 Likes

Glad it's working. I still think you will have more reliable results switching to the HTTP Challenge method. And, you won't have to wait 2H :slight_smile:

3 Likes

True, will do next time

2 Likes