I am trying to get a couple of certificates for the domains listed below. Not all of them are hosted on the same server and not all of them are hosting web pages; some are just mail servers, as can be seen. So I would like to use the DNS plugin to ease the pain, so to say. However, our domain has 5 nameservers (1 master and 4 slaves), and when I use the certbot DNS plugin to obtain the certificates, it will successfully create TXT records on the master DNS, the master DNS will send notifies to the slaves, and because the slaves host a lot of other domains sometimes, they don’t update immediately but it takes more than 60 seconds for some of them. I’ve noticed that acme checks whatever DNS servers it can find and it can hit fast enough, but since propagation doesn’t happen that fast, it will always fail to verify AT LEAST 1 domain… Actually, this is the first time today I’ve managed to have only 1 failure; usually it’s at least 4.
Is there any chance that I can increase the wait time for changes to take effect, or maybe force acme to only check one nameserver of my choice, say ns.mywimax.me (which is actually the master DNS)?
Any help is greatly appreciated. Thanks in advance!
My domain is: mywimax.me
I ran this command: certbot certonly --dns-rfc2136 --dns-rfc2136-credentials .secrets/rfc2136.ini -d mywimax.me -d biznis.mywimax.me -d crm.mywimax.me -d help.mywimax.me -d home.mywimax.me -d mail.mywimax.me -d phpmyadmin.mywimax.me -d webmail.mywimax.me -d smtp.mywimax.me -d imap.mywimax.me --dry-run
It produced this output: Failed authorization procedure. mail.mywimax.me (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.mywimax.me
My web server is (include version): nginx/1.12.2
The operating system my web server runs on is (include version): CentOS 7.6
My hosting provider, if applicable, is: Self hosted
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0
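
The propagation lag described in the post can be measured by asking each authoritative nameserver directly for the challenge record. The script below is an added example, not part of the original post; it assumes `dig` is installed, the function names are hypothetical, and the zone and record names are passed as arguments.

```shell
#!/bin/sh
# Added example: wait until every authoritative nameserver of a zone
# serves a TXT record at the dns-01 challenge name.
# It checks that some TXT record is present, not which value it holds.

# Print the nameservers (one per line) that do NOT yet serve the record.
# $1 = zone, $2 = record name (e.g. _acme-challenge.mail.example.org)
lagging_nameservers() {
    local zone=$1 record=$2 ns
    for ns in $(dig +short NS "$zone"); do
        # Query the nameserver itself, bypassing any caching resolver.
        if [ -z "$(dig +short TXT "$record" "@$ns")" ]; then
            echo "$ns"
        fi
    done
}

# Poll until no nameserver lags (return 0) or the timeout expires (return 1).
# $1 = zone, $2 = record, $3 = timeout in seconds (default 300),
# $4 = poll interval in seconds (default 10)
wait_for_txt() {
    local zone=$1 record=$2 timeout=${3:-300} interval=${4:-10} waited=0 lagging
    while :; do
        lagging=$(lagging_nameservers "$zone" "$record")
        [ -z "$lagging" ] && return 0
        if [ "$waited" -ge "$timeout" ]; then
            echo "still missing on: $lagging" >&2
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# Run only when a zone and a record name are given on the command line.
if [ "$#" -ge 2 ]; then
    wait_for_txt "$@"
fi
```

Timing how long the slowest slave lags gives a value for the rfc2136 plugin's `--dns-rfc2136-propagation-seconds` option, which sets how long certbot waits before asking the ACME server to validate (60 seconds by default).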