How to generate DNS-01 keyAuthorization


I’m trying to verify my domains using DNS-01 challenge but I’m not sure how to generate the correct value to populate the TXT record.

For what I’m trying at the moment I get the error: “[urn:acme:error:unauthorized] Correct value not found for DNS challenge”

Is there any documentation or example code to show how to create the correct value?

Many thanks.

I’m not sure that the DNS-01 capability is there yet - see “On the state of the dns-01 challenge”

I’m sure if you’re willing to help test / debug though it would be appreciated.

Oh I see, I guess if it’s not fully implemented that would make sense… though the new-authz response does contain a dns-01 challenge ability.


I think there are a few bugs still ... for example see the post linked above that says

“When testing it with a local boulder I had to monkey patch stuff, see ‘integration tests for the DNS challenge · Issue #1242 · letsencrypt/boulder · GitHub’. Without it, it wouldn't pass validation in any case. Did I overlook something fixing that issue?”
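
Added example, not part of the thread and not Boulder's or any ACME client's own code: the dns-01 TXT value computed as later standardized in RFC 8555 section 8.4, where the key authorization is the token, a ".", and the RFC 7638 thumbprint of the account key, and the TXT value is the base64url SHA-256 digest of that string. The token, JWK and domain are constructed samples, and the function names are this example's own.

```python
import base64
import hashlib
import json

# RFC 7638: only these members, in lexicographic order, enter the thumbprint.
REQUIRED_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def b64url(data: bytes) -> str:
    """Base64url with the trailing '=' padding removed, as JOSE/ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint of the account public key (RFC 7638)."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported key type: {kty!r}")
    canonical = {name: jwk[name] for name in REQUIRED_MEMBERS[kty]}
    # No whitespace and sorted keys: any other serialization changes the hash.
    encoded = json.dumps(canonical, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(encoded.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token || '.' || thumbprint of the account key."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_record(domain: str, token: str, jwk: dict) -> tuple[str, str]:
    """Return (record name, TXT value). The value is the base64url SHA-256
    digest of the key authorization, not the key authorization itself."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return f"_acme-challenge.{domain.rstrip('.')}", b64url(digest)


# Constructed sample input: not a real token or account key.
SAMPLE_TOKEN = "constructed-token-from-the-dns-01-challenge"
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}

if __name__ == "__main__":
    name, value = dns01_txt_record("example.com", SAMPLE_TOKEN, SAMPLE_JWK)
    print(f'{name}. IN TXT "{value}"')
```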