Domain validation with DNS

patelbhavin8008 · February 8, 2018, 8:13am

Hi,

I am trying to configure letsencrypt ssl. Here either we need to do https domain validation or DNS. as my hositng provider does not give .well-known directory to user as it is used for some server configurations so i need to do DNS validation.

But here also I have issue as below

For DNS validation we need to create subdomain with underscore (_) link as below

_acme-challenge.domian.com
_acme-challenge.www.domain.com

now underscore () is not valid character for domain names so hosting provider does not allow to create sub domain with (). I check this with few hositng provider all does not allow underscore.

So how can i valide now for ssl

_az · February 8, 2018, 9:19am

This is the mistake of the host.

DNS and related specifications allow for underscores to be present at the beginning of labels for CNAME, SRV and TXT records. The fact that they are not valid host names is an intentional side effect of using underscores.

Underscores are already widely used for DKIM and SIP configurations, Let's Encrypt is not using them in a novel way.

The majority of reputable DNS hosts do support their use in these ways.

You will not be able to use the DNS challenge unless your hosts allows it, so you will either need to use the HTTP challenge, or move to another DNS host.

Topic		Replies	Views
Underscore ("_") as a valid domain name? Server	6	18263	May 21, 2017
Underscore in subdomain fails Help	6	10699	May 6, 2017
“DNS-01 challenge” with domain redirection: is this Let’s Encrypt feature possible? Feature Requests	8	653	May 3, 2025
Domain name contains invalid character Help	12	11033	August 5, 2022
Requested domain is not a FQDN	2	10975	January 2, 2016

Domain validation with DNS

Related topics