How to generate DNS-01 keyAuthorization


#1

Hi,

I’m trying to verify my domains using DNS-01 challenge but I’m not sure how to generate the correct value to populate the TXT record.

For what I’m trying at the moment I get the error: “[urn:acme:error:unauthorized] Correct value not found for DNS challenge”

Is there any documentation or example code to show how to create the correct value?

Many thanks.


#2

I’m not sure that the DNS-01 capability is there yet - see On the state of the dns-01 challenge

I’m sure if you’re willing to help test / debug though it would be appreciated.


#3

Oh I see, I guess if it’s not fully implemented that would make sense… though the new-authz response does contain a dns-01 challenge ability.

Thanks!


#4

I think there are a few bugs still … for example see the post linked above that says

When testing it with a local boulder I had to monkey patch stuff, see https://github.com/letsencrypt/boulder/issues/1242#issuecomment-1641477448 Without it, it wouldn’t pass validation in any case. Did I overlook something fixing that issue?
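
The TXT value asked about in post #1, computed the way RFC 8555 (section 8.4) and RFC 7638 define it, with a helper that classifies a published value that does not match. This is an added example, not part of the thread and not Let's Encrypt or boulder code; the function names, the sample JWK and the sample token are constructed, and it assumes the server implements the RFC 8555 form of dns-01.

```python
import base64
import hashlib
import json

# Members that enter the RFC 7638 thumbprint, per key type.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def b64url(data: bytes) -> str:
    """Unpadded base64url, as ACME and JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the required members only, sorted, no whitespace."""
    members = {k: jwk[k] for k in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, jwk: dict) -> str:
    return f"{token}.{jwk_thumbprint(jwk)}"

def dns01_txt_value(token: str, jwk: dict) -> str:
    """TXT record content: base64url(SHA-256(keyAuthorization))."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)

def record_name(domain: str) -> str:
    return "_acme-challenge." + domain.rstrip(".")

def diagnose(published: str, token: str, jwk: dict) -> str:
    """Classify a published TXT value against the expected one."""
    expected = dns01_txt_value(token, jwk)
    value = published.strip().strip('"')
    if value == expected:
        return "ok"
    if value == key_authorization(token, jwk):
        return "raw key authorization published; it must be hashed"
    if value.rstrip("=") == expected:
        return "base64 padding must be stripped"
    if value == token:
        return "bare token published"
    return "mismatch: check account key and token"

# Constructed sample inputs (not real key material, not a real token).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x",
              "y": "constructed-y", "kid": "ignored-by-thumbprint"}
SAMPLE_TOKEN = "constructed-token-0123456789"

if __name__ == "__main__":
    print(record_name("example.com"), "TXT", dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK))
```

The JWK passed in must be the public part of the same account key that signs the ACME requests, and the token must come from the dns-01 challenge object of the current authorization.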