How to use DNS-01 challenge

Hi,

I'm having problems understanding how dns-01-based verification is used. Which clients support it, what steps should I make on my servers, and what changes in the DNS records that we have control of are needed to make this work? What do I have to add to our DNS records? Which client should I use on the servers (do certbot-auto or letsencrypt-auto work)? With which arguments do I have to call them to make the client verify one domain for each server (two)…?

2 Likes

Certbot, all of the bash and Go alternate clients, as well as several of the others, support the DNS-01 challenge.

At the simplistic level, the client talks to the Let’s Encrypt ACME server and obtains a “token” that needs to be placed in a TXT record in your DNS. If your DNS provider has an API then this record can be added automatically, or you can do it manually. Once the TXT record is there, Let’s Encrypt verifies this and provides you with a certificate (via the same client).

You will need a new token every time you need to renew for a new certificate though, hence automation is easier.

Which arguments you need to call depends on which client you are using.

6 Likes
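As an added illustration of the TXT record step described in the answer above (example code, not from the original post or from any ACME client): per RFC 8555 §8.4 the value published at `_acme-challenge.<domain>` is not the raw token but `base64url(SHA-256(token "." thumbprint(account key)))`, where the thumbprint is the RFC 7638 JWK thumbprint of the ACME account key. The token and account key below are constructed sample values, not real ACME data, and the `record_matches` pre-flight check is a defensive addition so a client can confirm the record is live before asking the CA to validate.

```python
import base64
import hashlib
import json

# Constructed sample inputs (not real ACME data): a challenge token and an
# ACME account public key as a JWK. Real clients receive these from the CA
# and from their own key store respectively.
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
    "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
}


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME (RFC 8555 / RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of only the
    required public members, keys sorted lexicographically, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_record(token: str, jwk: dict, domain: str) -> tuple[str, str]:
    """Return (owner name, TXT value) for the dns-01 challenge (RFC 8555 s8.4):
    value = base64url(SHA-256(token '.' thumbprint(account key)))."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    return f"_acme-challenge.{domain.rstrip('.')}", value


def record_matches(published_txt_values: list[str], expected: str) -> bool:
    """Pre-flight check before triggering CA validation: the CA accepts the
    challenge only if one TXT RR at the owner name equals the expected value."""
    return expected in published_txt_values


if __name__ == "__main__":
    name, value = dns01_record(TOKEN, ACCOUNT_JWK, "example.com")
    print(f'{name}. 300 IN TXT "{value}"')  # the record to publish
```

Because the value is bound to the account key, a record computed for one ACME account is useless to any other account, which is why a fresh token (and hence a fresh TXT value) is needed at every renewal.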
