Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I think I am either blind or stupid, something seems to be wrong. I am making a script that creates certs for all of my domains (as of now it doesn't work yet), so I'm making one cert with SANs custom-cds.co.uk and *.custom-cds.co.uk.
I am using DNS verification.
Something seems to be extremely wrong with these challenges:
I do not know how long the client you are using waits before requesting the ACME server to verify the DNS challenge(s).
The DNS records must be available on all authoritative DNS servers, before attempting to request the identifier validation.
Ah, I thought that was for the http-01 challenge, with the dot in the middle etc. Didn't realise (or remember) the TXT value was the SHA256 hash of the keyAuthorization. Thanks!
So I guess this is a bug in the ACME client's implementation of the dns-01 challenge? Although that's weird, because ACMEz from @mholt is a widely used client (probably mostly indirectly by Caddy, but still)?
@martinnaj Can you show us the actual and exact code you're using?
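Added example, not part of any post in this thread and not code from ACMEz: how the dns-01 TXT value discussed above is derived from the challenge token and the account key (RFC 8555 section 8.4, RFC 7638), plus a check that flags a record holding the raw key authorization, the form with the dot in the middle that http-01 serves. The token and JWK are constructed placeholders and the function names are illustrative.

```python
import base64
import hashlib
import json

# JWK members that enter an RFC 7638 thumbprint, per key type.
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

# Constructed sample values (not a real account key or a real token).
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}
TOKEN = "constructed-challenge-token"

def b64url(data: bytes) -> str:
    """base64url without '=' padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the required members only, sorted, no whitespace."""
    members = {name: jwk[name] for name in _REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, jwk: dict) -> str:
    """token || '.' || thumbprint: what http-01 serves verbatim."""
    return f"{token}.{jwk_thumbprint(jwk)}"

def dns01_txt_value(token: str, jwk: dict) -> str:
    """dns-01 publishes the SHA-256 digest of the key authorization."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)

def challenge_record_name(identifier: str) -> str:
    """A wildcard identifier validates at the base name, so example.org and
    *.example.org need two TXT values on the same record name."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base

def check_txt(observed: str, token: str, jwk: dict) -> str:
    """Classify a TXT string as seen in a DNS lookup."""
    observed = observed.strip().strip('"')
    if observed == dns01_txt_value(token, jwk):
        return "ok"
    if observed == key_authorization(token, jwk):
        return "raw-key-authorization"  # http-01 form published in DNS
    return "mismatch"

if __name__ == "__main__":
    for san in ("custom-cds.co.uk", "*.custom-cds.co.uk"):
        print(challenge_record_name(san), "TXT", dns01_txt_value(TOKEN, ACCOUNT_JWK))
```

Run `check_txt` against the value returned by each authoritative name server before asking the ACME server to validate.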