How to handle an invalid DNS-Challenge


#1

When a challenge becomes invalid because one of the DNS servers was not yet updated,
is there any way to retry the challenge? Else, after such an error, the validation is blocked.
Would it be a good idea to use TLSA for validation if an account/cert key is allowed by the domain owner?


#2

No. You can’t do anything to fix an invalid authorization.

You need to make a new authorization, with a new challenge value, and set the DNS records again. :slightly_frowning_face:
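
An added example, not part of the thread and not Let's Encrypt's code: because each new authorization carries a new token, the TXT value for `_acme-challenge` changes too (RFC 8555 section 8.4, with the RFC 7638 account key thumbprint). The sketch computes that value and gates the challenge response on every authoritative nameserver already serving it. The account key, tokens and nameserver names are constructed, and collecting each server's TXT answers is left to the caller.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME (RFC 8555) uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """TXT value for _acme-challenge.<domain>: b64url(SHA-256(token "." thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def lagging_nameservers(expected: str, txt_by_nameserver: dict) -> list:
    """Return the authoritative nameservers that do not yet serve the expected value."""
    return sorted(ns for ns, values in txt_by_nameserver.items()
                  if expected not in values)


# Constructed sample data (not from the thread): an EC account key and two tokens.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}
OLD_TOKEN = "constructed-token-from-invalid-authz"
NEW_TOKEN = "constructed-token-from-new-order"

if __name__ == "__main__":
    old_txt = dns01_txt_value(OLD_TOKEN, ACCOUNT_JWK)
    new_txt = dns01_txt_value(NEW_TOKEN, ACCOUNT_JWK)
    # ns2 still serves the record from the earlier, now invalid, authorization.
    observed = {"ns1.example.net": [new_txt], "ns2.example.net": [old_txt]}
    behind = lagging_nameservers(new_txt, observed)
    print("TXT value to publish:", new_txt)
    print("respond to challenge now?", not behind, "lagging:", behind)
```
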


#3

Hi, this raises the next question

  1. Now the Authorization is expired. And there is no newAuthz in
    https://acme-staging-v02.api.letsencrypt.org/directory
  2. The newOrder returns only an order with an expired Challenge.
    So what should I do?

https://acme-staging-v02.api.letsencrypt.org/acme/authz/HTgji9a0vfB-nwQtlJRKO14I9N4uGFyj8s_0Fhand8U
{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Expired authorization",
  "status": 404
}

