We would like to use Let’s Encrypt certs on a domain where we use “dns loadbalancing”, where the main record (on Route53) is an NS record pointing at each of our gateways, which in turn run a DNS server pointing at itself.
certbot certonly --manual --preferred-challenges dns -d $DOMAIN -m $EMAIL --keep-until-expiring
We get error:
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: <domain>
   Type:   connection
   Detail: DNS problem: query timed out looking up TXT for _acme-challenge.<domain>

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
However, the TXT record exists:
❯ dig TXT +short _acme-challenge.<domain>
"<uuid>"
Seems to me that Let’s Encrypt is not following the NS records and doing another lookup there. Could this be the issue? Any way to work around it? Webroot seems to be failing for the same reason (unable to resolve).
Appreciate any help
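An added check, not from the original post, that looks at the record the way a recursive validator would: it resolves the zone's NS set and queries each delegated nameserver directly for the _acme-challenge TXT, so a gateway that times out from outside, or answers without the token, is reported by name instead of being hidden behind a cached answer from the local resolver. Live lookups assume dnspython is installed; the gw1/gw2.example.test names and the token in the built-in sample are constructed.

```python
"""Ask each delegated nameserver for the _acme-challenge TXT record, as a
recursive validator that follows the NS delegation would; it may send the
query to any listed nameserver, so every one must answer with the token."""
import socket, sys
from typing import List, Optional

def dnspython_query(name: str, rtype: str, server: Optional[str],
                    timeout: float = 5.0) -> Optional[List[str]]:
    """Live lookup via dnspython (assumed installed). server=None uses the
    system resolver; otherwise that nameserver is queried directly."""
    import dns.exception
    import dns.resolver
    resolver = dns.resolver.Resolver()
    resolver.lifetime = timeout
    if server:
        resolver.nameservers = [socket.gethostbyname(server.rstrip("."))]
    try:
        return [r.to_text().strip('"') for r in resolver.resolve(name, rtype)]
    except dns.exception.Timeout:
        return None
    except dns.exception.DNSException:  # NXDOMAIN, NoAnswer, SERVFAIL, ...
        return []

def check_acme_txt(domain: str, query) -> dict:
    """Resolve the NS set for the zone, then query each nameserver for the
    challenge record. query(name, rtype, server) returns the record strings,
    [] for an answer without the record, None on timeout. Result maps
    nameserver -> values (None means that nameserver timed out)."""
    challenge = f"_acme-challenge.{domain}"
    return {ns: query(challenge, "TXT", ns) for ns in query(domain, "NS", None) or []}

def diagnose(results: dict) -> dict:
    """Group nameservers by outcome; anything outside 'ok' can make the
    validator's lookup fail even though some servers have the record."""
    return {
        "ok": [ns for ns, v in results.items() if v],
        "timed_out": [ns for ns, v in results.items() if v is None],
        "missing": [ns for ns, v in results.items() if v == []],
    }

def simulated_query(name: str, rtype: str, server: Optional[str]) -> Optional[List[str]]:
    """Constructed offline sample mirroring the reported setup: two gateway
    nameservers, the second never answering queries from outside."""
    if rtype == "NS":
        return ["gw1.example.test.", "gw2.example.test."]
    return ["token-abc"] if server == "gw1.example.test." else None

if __name__ == "__main__":  # pass a real domain to run live lookups
    live = len(sys.argv) > 1
    print(diagnose(check_acme_txt(sys.argv[1] if live else "example.test",
                                  dnspython_query if live else simulated_query)))
```

Run it with the domain as the only argument right after certbot has printed the token, and compare the output with a dig against each gateway from a host outside your network.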