I'm developing a server management app that connects to a server and among other things it installs certbot and generates wildcard certificates.
When requesting a certificate from the command line, certbot displays the TXT records that need to be added to the DNS and waits for the user to press Enter to continue with the verification process. This is OK when working manually from the command line.
Due to the way my app is working I can't simulate pressing the "Enter" key or anything similar, so I had to resort to improvise something like this:
1. Start the certificate request process and wait until certbot provides the TXT records, get said records from the response and kill certbot.
2. Display the TXT values to the user in the GUI.
3. Once they've updated the records, they press a "Verify" button which runs the command from step 1 again and generates the certificates.
Most of the time this works as expected, the certificate is generated and all is OK, but sometimes the TXT records received at step 1 become invalid when running the command again at step 3. Instead of finishing the certificate generation process, it claims the old records are no longer valid and returns a new set of TXT records... If I add the new TXT records to the domain's DNS, it again comes back with an invalid response and again provides a new set of TXT records.
What exactly am I doing wrong, and is there any recommended way of achieving what I need to do: get TXT records with one command and later finish the process with another command while keeping the TXT records the same between the two steps?
The command I'm currently using in steps 1 and 3 is this:
/usr/bin/certbot certonly --manual --force-renewal --preferred-challenges=dns --email email@example.com --agree-tos -d mydomain.com -d *.mydomain.com --manual-public-ip-logging-ok
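The two-step hand-off described in the post can be kept inside a single certbot run by using certbot's manual plugin hook option, `--manual-auth-hook`, which invokes a script with the domain and validation token in the `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` environment variables. The script below is an added example, not code from the post or from certbot; the hand-off directory `/var/lib/myapp/acme` and the `pending.txt` / `verify.ack` file names are assumptions for illustration.

```shell
#!/bin/sh
# Hypothetical --manual-auth-hook script (added example, not from the post).
# certbot runs it once per domain, exporting CERTBOT_DOMAIN and
# CERTBOT_VALIDATION. It publishes the TXT value for the GUI via a file and
# blocks until the GUI acknowledges, so the same certbot process (and the
# same challenge token) finishes validation instead of being killed.

# Assumed hand-off directory shared with the GUI (hypothetical path).
ACME_DIR="${ACME_DIR:-/var/lib/myapp/acme}"

# Format the DNS record the user must create for one validation token.
txt_record_line() {
    # $1 = domain, $2 = validation token handed over by certbot
    printf '_acme-challenge.%s. TXT "%s"\n' "$1" "$2"
}

# Block until the acknowledgement file exists or the timeout (seconds)
# expires. Returns 0 on ack, 1 on timeout, so certbot reports a failed
# challenge rather than hanging forever.
wait_for_ack() {
    ack="$1"; timeout="$2"; waited=0
    while [ ! -e "$ack" ]; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1; waited=$((waited + 1))
    done
    return 0
}

# Entry point used by certbot; skipped when the env vars are absent so the
# functions above can be exercised on their own.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    mkdir -p "$ACME_DIR"
    txt_record_line "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" >> "$ACME_DIR/pending.txt"
    # An order for mydomain.com plus *.mydomain.com yields two tokens for the
    # same record name; the GUI must show every line of pending.txt.
    wait_for_ack "$ACME_DIR/verify.ack" 1800 || exit 1
fi
```

The GUI's "Verify" button then only needs to create the acknowledgement file; certbot itself proceeds with the tokens it already announced.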