Hi, specifically for http-01 challenges for v2 api: Does Letsencrypt rely on cached ip addresses when making the http request to http://<domain>/.well-known/acme-challenge/<token>?
Is the <domain>'s ip/A-record/AAAA-record always resolved from authoritative nameservers (no cache) prior to making the http request?
Thanks!
Yes, let's Encrypt will always attempt to resolve the domain and query the authoritive DNS server for answers.
I don't think let's Encrypt use cache for the domain IPs
Edit based on @ski192man
Let’s Encrypt doesn’t use anyone else’s recursive resolver but goes right to the source (making its own queries to the authoritative nameservers for the particular domain in question).
DNS Servers used by LetsEncrypt for Challenges - #6 by schoen
This was mentioned in another thread by a Let's Encrypt engineer
Both our staging and production environments use recursive resolvers with a max cache TTL of 60s.
EDIT: Link to where I found it here
Thanks @ski192man and @stevenzhu !
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.