Keep key for challenge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

certbot --server -d * --manual --preferred-challenges dns-01 certonly

It produced this output:

Please deploy a DNS TXT record under the name with the following value:


Before continuing, verify the record is deployed.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

Nice to me

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
nope, ssh

So i have a ssh shell to my server and trying to make the dns-01 challenge, but the dns propagation can’t take 12 hours. So what is the command to validate it and keeping the hash for the challenge ?

If i rerun the command it gives me a new hash … And sometimes my ssh connection close. So i have to rerun the command for the challenge.


Hi @bussiere

I can't find nameserver entries with the domain names or

Are you owner of these domains? You must have registered domain names if you want to create a certificate.

The domain names must be visible. Public visible.

Apart from @JuergenAuer's observation about registering the domain name, this is basically the same question as this recent one

The answer there from @mnordhoff is very good.

I forgot to bring this up in that thread, but how long does it really take to change your DNS records?

Let’s Encrypt’s DNS resolvers don’t cache anything.

You don’t have to wait the entire TTL until old cached records would have expired from all DNS resolvers. You only have to wait until all of your domain’s authoritative servers have been updated.

For many DNS services, that takes a few seconds, or a few minutes.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.