Does HTTP-01 use cached ip address?

Hi, specifically for http-01 challenges for v2 api: Does Letsencrypt rely on cached ip addresses when making the http request to http://<domain>/.well-known/acme-challenge/<token>?

Is the <domain>'s ip/A-record/AAAA-record always resolved from authoritative nameservers (no cache) prior to making the http request?

Thanks!

2 Likes

Yes, let’s Encrypt will always attempt to resolve the domain and query the authoritive DNS server for answers.
I don’t think let’s Encrypt use cache for the domain IPs

Edit based on @ski192man

Let’s Encrypt doesn’t use anyone else’s recursive resolver but goes right to the source (making its own queries to the authoritative nameservers for the particular domain in question).
DNS Servers used by LetsEncrypt for Challenges

3 Likes

This was mentioned in another thread by a Let’s Encrypt engineer

Both our staging and production environments use recursive resolvers with a max cache TTL of 60s.

EDIT: Link to where I found it here

5 Likes

Thanks @ski192man and @stevenzhu !

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.