HTTP and DNS challenge uses same token?

Hi people, does anyone know if the token (digital signature) is the same in the HTTP and DNS challenge processes?

Let me be more clear. I am trying to use the client version of the project. However, it has only the challenge in HTTP mode, which is even working. However, I need the DNS mode. To sum up, I took the content from the .well-known/acme-challenge token and put it in the _acme-challenge TXT record, but it shows me as an incorrect record.


Welcome to the Let's Encrypt Community, Carlos :slightly_smiling_face:

They are definitely not the same.

Give me a second and I'll give you the details.


My PHP...

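// Assumed to be defined elsewhere: $e and $n (hex-encoded RSA public exponent
// and modulus of the account key) and $challenge (the challenge being answered).

// base64url without padding
function b64e($binarystring) {
  return strtr(rtrim(base64_encode($binarystring), '='), '+/', '-_');
}

function jsone($data) {
  return json_encode($data, JSON_UNESCAPED_SLASHES);
}

// JWK members in lexicographic order, as the thumbprint requires
$jwk = [
  "e" => b64e(hex2bin($e)),
  "kty" => "RSA",
  "n" => b64e(hex2bin($n))
];

$Thumbprint = b64e(openssl_digest(jsone($jwk), "sha256", true));

$challengevalue = "{$challenge["token"]}.{$Thumbprint}";

// HTTP-01: the file content is the key authorization itself
$httpchallengevalue = $challengevalue;

// DNS-01: the TXT record is the base64url SHA-256 digest of the key authorization
$dnschallengevalue = b64e(openssl_digest($challengevalue, "sha256", true));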

When using, there is a function which will give you the required TXT record.

You just need to pass in the KeyAuthorization from the challenge struct (which if you recall, would be the contents of the file for the HTTP challenge):

txt := acme.EncodeDNS01KeyAuthorization(chall.KeyAuthorization)

It works, really tks _az


2020/11/25 19:42:14 Connecting to acme directory url:
2020/11/25 19:42:15 Loading account file account.json
2020/11/25 19:42:16 Account url:
2020/11/25 19:42:16 Creating new order for domains: []
2020/11/25 19:42:16 Order created:
2020/11/25 19:42:16 Fetching authorization:
2020/11/25 19:42:17 Fetched authorization:
2020/11/25 19:42:17 Creating challenge token file: /var/www/html/.well-known/acme-challenge/TAm7oyoTSGt41NuDvi3eoq85cOoMWNARQdDZZuQ6Z9E
2020/11/25 19:43:17 Updating challenge for authorization
2020/11/25 19:43:18 Challenge updated
2020/11/25 19:43:18 Generating certificate private key
2020/11/25 19:43:18 Writing key file: privkey.pem
2020/11/25 19:43:18 Creating csr
2020/11/25 19:43:18 Finalising order:
2020/11/25 19:43:19 Fetching certificate:
2020/11/25 19:43:19 Saving certificate to: cert.pem
2020/11/25 19:43:19 Done.


I'm glad you got this sorted, I'll look at adding an example to use this.


tks griffin, I think that is the same thing that _az said.


It is. I just gave you a peek inside the black box. :blush:
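
What both replies in this thread compute, as an added Go example using only the standard library (not code from the thread or from any ACME client): the JWK thumbprint, the HTTP-01 key authorization, and the DNS-01 TXT value derived from it. The function names and the short modulus are constructed for illustration; the token is the one visible in the challenge file path in the log.

```go
package main

import (
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"math/big"
)

// b64url is base64url without padding, the encoding ACME uses throughout.
func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// jwkJSON returns the canonical RFC 7638 form of an RSA public key:
// only e, kty and n, members in lexicographic order, no whitespace.
func jwkJSON(pub *rsa.PublicKey) string {
	e := big.NewInt(int64(pub.E)).Bytes()
	return fmt.Sprintf(`{"e":"%s","kty":"RSA","n":"%s"}`, b64url(e), b64url(pub.N.Bytes()))
}

// thumbprint is base64url(SHA-256(canonical JWK)) of the account key.
func thumbprint(pub *rsa.PublicKey) string {
	sum := sha256.Sum256([]byte(jwkJSON(pub)))
	return b64url(sum[:])
}

// keyAuthorization is the body served for HTTP-01 at
// /.well-known/acme-challenge/<token>.
func keyAuthorization(token string, pub *rsa.PublicKey) string {
	return token + "." + thumbprint(pub)
}

// dns01TXT is the value for the _acme-challenge TXT record:
// the key authorization hashed once more, not the file content itself.
func dns01TXT(keyAuth string) string {
	sum := sha256.Sum256([]byte(keyAuth))
	return b64url(sum[:])
}

func main() {
	// Constructed sample: a short made-up modulus, not a usable account key.
	n, _ := new(big.Int).SetString("c3a1f0e5d7b9402d6e8f1a2b3c4d5e6f", 16)
	pub := &rsa.PublicKey{N: n, E: 65537}
	token := "TAm7oyoTSGt41NuDvi3eoq85cOoMWNARQdDZZuQ6Z9E" // token from the file path in the log
	ka := keyAuthorization(token, pub)
	fmt.Println("HTTP-01 file body:", ka)
	fmt.Println("DNS-01 TXT value: ", dns01TXT(ka))
}
```

The TXT value is always 43 characters, so a record containing a `.` or anything longer is the HTTP-01 file content pasted unhashed.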

