LE Using Chached DNS lookups during DV process

felixf · March 5, 2021, 7:46am

Have you verified that all nameservers for that zone deliver the TXT records before telling Let's Encrypt to verify the challenges?

arek · March 5, 2021, 7:50am

Yes. Our tool here first checks if all our DNS have acme records propagated correctly and only then sends request to letsencrypt.

bruncsak · March 5, 2021, 1:10pm

The ACME server (boulder) has 1 minute DNS cache, if my recollection is correct.

rmbolger · March 5, 2021, 4:00pm

I believe it's 1 minute or the value of the TTL on the record, whichever is lower.

Topic		Replies	Views
TTL and DNS server used by Lets Encrypt Help	9	9443	July 27, 2018
Concurrent issuances with DNS-01 challenge Issuance Tech	14	161	May 10, 2025
DNS resolution problem during issuance for one domain Help	5	998	October 2, 2018
Let's Encrypt DNS lookups Help	9	3318	December 8, 2019
DNS01 validation timeouts Client dev	3	1323	April 19, 2020