Free DDNS that offers TXT record for DNS challenge

hi all,

im currently with noip the free service which is good but it doesnt offer txt records (paid feature plus its not supported via the ACME client)

are there free DDNS services out there that offer TXT records and work with the ACME client aswell


1 Like

I found recently that one (I did not try myself):

They write:

"We provide a variety of DNS records including A, AAAA, CAA, CNAME, LOC, MX, PTR, SPF, TXT etc as well as web redirect and offline actions. Wildcard alias as well as individual IP address updates for aliases are also supported. "


Duckdns does offer it.


would you say duckdns is anygood?

would you advise installing the ACME client on a FW with DNS challenge, do you think thats safe

I used it for a long time but not recently and never using dns-01 validation. It always worked fine.


Safety is not a binary value [absolutes don't exist].
I'd say on a scale from 0 to 10 [higher being safer], that's like: 3.5
[which might be more than enough to secure a home system]

1 Like

There is certain restriction of the use of the TXT record type at


OK I just need to find out what free DDNS providers offer the api dns challenge method

I still have the feeling you don't fully understand how it works.

It's also a little bit confusing to have two threads on the same subject open at the same time.

  • At the Let's Encrypt side, there is the ACME protocol and the ACME protocol currently has three challenges, among them the dns-01 challenge type.
  • To complete the dns-01 challenge, a TXT resource record needs to be added to the DNS zone with a specific label (_acme-challenge). This can be done manually or automatically, where the latter is prefered.
  • To do item 2 automatically, the DNS provider would need to offer an API to add (and delete) the TXT resource record.
  • Also, for item 2 to be automatic, the used ACME client would need to be able to "speak" the API offered by the DNS provider.

so if i add a TXT record to my DDNS provider does that mean i dont have to have the ACME client on my opnsense firewall anymore?

How are you going to get a certificate without an ACME client?

Please read:


true, i need certbot agent on my web server or the acme agent firewall

"the acme agent firewall"? You mean


sorry the acme agent on firewall ie the

1 Like

im going with dynu DDNS and ive seen they offer the API feature for DNS challenge for use with ACME so giving that a shot and let you know the outcome

just trying to figure out how to add the DDNS service for dyno into my opnsese as they havnt got the service for dyno provider so going to have to specify it as a custom service

For reference, cloudflare's basic service is free and includes DNS (with TXT records etc).


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.