How to keep the TXT value?

ADD txt value
Adding txt value: 0eaZcQ0E for domain: _acme-challenge..com

I would like to ask how the TXT value is generated when adding a TXT record. Can the resolved value remain unchanged, and how long is its expiration time?

Hi @Teresajw,

It's substantially randomly created by the certificate authority.

https://www.rfc-editor.org/rfc/rfc8555#section-8.4

And no, it can generally not be re-used from challenge to challenge. You'll need a different DNS TXT record for each certificate renewal; the certificate authority will not accept an old record for validation purposes.

This is why most documentation says that, when using the DNS-01 challenge method, it's best to have an API that lets you create DNS records automatically from software. Otherwise it would be somewhat tedious and error-prone to have to post a new DNS record by hand every few months.

The general requirement to use new validation tokens on a regular basis for confirming new certificate issuance comes from the CA/Browser Forum, which issues industry rules for publicly-trusted digital certificates. I think their reasoning is that they want certificate authorities to check that the person or entity requesting the new certificate still actively controls the domain name, which in some interpretations wouldn't be possible to verify if the token never changed.

5 Likes

Thank you first! I know.
When I use acme to issue wildcard domain certificates, such as example.com and *.example.com, I need two TXT records. Only after example.com is issued will the second TXT value be generated, and sometimes it expires. Can I first generate the two TXT records, resolve them with the domain name provider, and then issue the certificates for these two domain names at once?

It is valid in the DNS protocol to have more than one record of the same name and type active at once. Just as you can have multiple A records with the same name at the same time (for example, for load balancing), you can have multiple TXT records with the same name at the same time.

7 Likes
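The two answers above cover the two mechanics in play: the TXT value is a digest over a random token the CA picks per challenge (RFC 8555 section 8.4), and the base name and its wildcard both validate under the single name _acme-challenge.example.com, so two TXT records coexist there. The following Python is an added example written for this page, not code from the thread or from any ACME client; the account JWK coordinates are placeholders, the tokens are constructed, and helper names such as `zone_records` and `ca_validates` are assumptions. It derives the two values, prints them as zone lines, and shows that a value left over from an earlier token is rejected when the CA issues a fresh one.

```python
import base64
import hashlib
import json
import secrets
from typing import Dict, List, Tuple


def b64url(data: bytes) -> str:
    """base64url without padding, as ACME requires for tokens and TXT values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed P-256 account key (public part). The coordinates are placeholders,
# not a real key; only the canonical-JSON thumbprint matters for this example.
ACCOUNT_JWK: Dict[str, str] = {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
}

# Required members per key type for the RFC 7638 thumbprint, in lexicographic order.
REQUIRED_MEMBERS = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}


def jwk_thumbprint(jwk: Dict[str, str]) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members, sorted keys, no whitespace."""
    members = {k: jwk[k] for k in REQUIRED_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def ca_new_token() -> str:
    """What the CA does for every challenge: a fresh random token with at least
    128 bits of entropy (RFC 8555 section 8.3). The client never chooses it."""
    return b64url(secrets.token_bytes(32))


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.4: TXT value = base64url(SHA-256(token "." thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def challenge_record_name(identifier: str) -> str:
    """Validation name: "_acme-challenge." prepended to the identifier with any
    leading "*." removed, so a wildcard and its base name share one record name."""
    host = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{host}."


def zone_records(identifiers: List[str], thumbprint: str,
                 tokens: List[str]) -> List[Tuple[str, str, str]]:
    """(name, type, value) triples to publish. For a base+wildcard order both
    land on the same name as two TXT records, which DNS permits."""
    return [(challenge_record_name(ident), "TXT", dns01_txt_value(tok, thumbprint))
            for ident, tok in zip(identifiers, tokens)]


def ca_validates(token: str, thumbprint: str, published: List[str]) -> bool:
    """CA-side check: the value derived from *this* challenge's token must be
    among the TXT values it resolves. A value derived from an older token fails."""
    return dns01_txt_value(token, thumbprint) in published


if __name__ == "__main__":
    tp = jwk_thumbprint(ACCOUNT_JWK)
    idents = ["example.com", "*.example.com"]
    tokens = [ca_new_token() for _ in idents]  # one token per authorization
    for name, rtype, value in zone_records(idents, tp, tokens):
        print(f'{name} 60 IN {rtype} "{value}"')
    # Renewal: the CA hands out a new token, so last time's TXT value no longer validates.
    old_value = dns01_txt_value(tokens[0], tp)
    print(ca_validates(ca_new_token(), tp, [old_value]))  # False
```

Because the TXT value is a one-way digest of a token the CA generates, there is nothing for the client to pre-compute before the order exists; what a client can do, as the second answer notes, is request both authorizations up front, publish the two TXT records under the same name, and then let the CA validate both. Keep the TTL short (60 seconds above) so the old values fall out of resolver caches before the next renewal.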
