I’m trying to generate a wildcard Let’s Encrypt certificate using the DNS challenge and the manual method.
The command I use is the following:
certbot certonly -n -d my-domainname -d *.my-domainname
Inside the manual-auth-hook and manual-cleanup-hook I update my DNS via an API, so that the challenge can be verified.
As far as I can see, certbot performs two challenges, since I can see two TXT records being added and then deleted in my DNS (I suppose because I request both my-domainname and *.my-domainname).
The problem is that, somehow randomly, the challenges (or one of the two) fail. If I repeat the request for that domain it could work, but it’s not deterministic.
Can you help me understand what’s happening? Could it be an issue related to the TXT record TTL? I also tried lowering it to 10s, but without success.
Thanks a lot.
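Added example (not the poster's script): a sketch of a manual-auth-hook for this setup, showing the two points worth checking when the apex and the wildcard share one _acme-challenge name: the second hook call must add a TXT record rather than overwrite the one from the first call, and propagation should only be awaited once certbot has run the hook for the last challenge (CERTBOT_REMAINING_CHALLENGES is 0). The provider call dns_api_add_txt and the nameserver AUTH_NS are placeholders to be replaced with the real API and authoritative server.

```shell
#!/bin/sh
# Added example auth hook for `certbot --manual --preferred-challenges dns`.
# certbot exports CERTBOT_DOMAIN, CERTBOT_VALIDATION, CERTBOT_REMAINING_CHALLENGES.
# dns_api_add_txt and AUTH_NS are placeholders, not a real provider API.
set -eu

# The apex and *.apex validate against the same TXT name.
acme_record_name() {
  printf '_acme-challenge.%s\n' "${1#\*.}"
}

# Placeholder: ADD a TXT record (never overwrite the one from the previous
# hook call) and print the provider's record id for the cleanup hook.
dns_api_add_txt() {
  echo "TODO: provider API call for $1 -> $2" >&2
  echo "record-id-placeholder"
}

# Return 0 only when every token (args after $1) appears in the answer text.
answers_have_tokens() {
  answers=$1; shift
  for tok in "$@"; do
    printf '%s\n' "$answers" | grep -qxF -- "$tok" || return 1
  done
}

# Poll one authoritative server until the token is served or time runs out.
wait_for_txt() {
  name=$1; ns=$2; token=$3; deadline=${4:-120}
  while [ "$deadline" -gt 0 ]; do
    answers=$(dig +short TXT "$name" "@$ns" | tr -d '"')
    answers_have_tokens "$answers" "$token" && return 0
    sleep 5; deadline=$((deadline - 5))
  done
  return 1
}

main() {
  name=$(acme_record_name "$CERTBOT_DOMAIN")
  dns_api_add_txt "$name" "$CERTBOT_VALIDATION"   # stdout -> CERTBOT_AUTH_OUTPUT
  # certbot runs every auth hook before the CA validates anything, so wait
  # for propagation only on the last challenge of this order.
  if [ "${CERTBOT_REMAINING_CHALLENGES:-0}" = "0" ]; then
    wait_for_txt "$name" "${AUTH_NS:-ns1.example.net}" "$CERTBOT_VALIDATION"
  fi
}

if [ -n "${CERTBOT_DOMAIN:-}" ]; then main; fi
```

The matching cleanup hook should delete only the record id it receives in CERTBOT_AUTH_OUTPUT, so that removing one challenge's record cannot take the other's with it.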