Repeat of the DNS TXT challenge

A quick question when using certbot-auto to manually generate a wildcard certificate, and using the DNS TXT challenge.

I have no problem accessing the DNS records via my host (goDaddy) and adding the TXT entries.

Since it can take up to 48 hours for the DNS records to replicate (and the challenge will fail up until that point), what is the command required to re-run the challenge at a later date? I do not have a setup where I can leave the Ubuntu command ‘open’ for two days, and if I repeat the manual certonly command, it issues a new TXT text.

Many thanks.

[PS: this is somewhat close to the topic "Certbot dns manual mode, challenge txt changes every run" but not quite identical.]

My domain is:

I ran this command:
`certbot-auto -d yourserver.com -d *.yourserver.com --manual --preferred-challenges dns-01 --server https://acme-staging-v02.api.letsencrypt.org/directory certonly`

It produced this output:
Worked as expected.

My web server is (include version):
Heroku stack 18-1

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
Heroku

I can login to a root shell on my local machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes, Heroku default App management panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.37.2


The whole "48 hours" thing is a vast oversimplification of how these things work. It can be an accurate reflection for people visiting in browsers, but not Let's Encrypt.

With how Let's Encrypt works, the typical delay you will experience when creating these TXT records is around 30-60 seconds. Some providers have delays in the range of 10-20 minutes, but even that is uncommon.

With GoDaddy, a safe estimate is to wait for 5 minutes.

This isn't possible with Certbot.

What you can do, is when you encounter this message:

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Just setup the TXT record and walk away from your computer for 5 minutes. Come back, press Enter, everything should be working.


OK, thanks so much. Let me try this again. I have been waiting 1+ hours, but so far it has failed every time. Using dig I am also returning blank values (no response) on the TXT values, despite them being present in the godaddy record.

Edit: Oops, I didn’t notice you already shared your domain name.

Following your last reply, I tried again. This time it worked. I think the issue is that in the DNS record I was putting in the value _acme-challenge.tosnowflake.com but it should have simply been _acme-challenge in the tosnowflake.com DNS entry. Either way, it looks like I am good to go. Thanks.

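Two things in this thread lend themselves to a pre-flight check before pressing Enter at the "verify the record is deployed" prompt: polling until the TXT record is actually visible (both tokens, since a wildcard plus base-domain order puts two records at the same name), and catching the host-field mistake from the last post. The script below is an added example, not from the thread or from Certbot; it assumes `dig` is installed, that the DNS panel appends the zone to whatever is typed in the Host field, and the tokens shown are constructed.

```python
import subprocess
import time

ZONE = "tosnowflake.com"  # zone from the thread; tokens below are constructed


def published_name(host_field, zone):
    """Name a zone-relative 'Host' field ends up as once the panel appends the zone."""
    return host_field.strip().rstrip(".") + "." + zone


def host_field_problem(host_field, zone):
    """Return why this Host field will not produce _acme-challenge.<zone>, or None."""
    expected = "_acme-challenge." + zone
    name = published_name(host_field, zone)
    if name == expected:
        return None
    return "panel publishes %r but the CA queries %r" % (name, expected)


def dig_txt(name, nameserver=None):
    """Fetch TXT strings for name with dig (assumed installed), quotes stripped."""
    cmd = ["dig", "+short", "TXT", name] + (["@" + nameserver] if nameserver else [])
    out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    return [line.strip().strip('"') for line in out.splitlines() if line.strip()]


def wait_for_txt(name, expected, resolve=dig_txt, attempts=10, delay=30, sleep=time.sleep):
    """Poll until every expected token is visible in TXT for name.

    A wildcard plus base-domain order needs two tokens at the same name, so all
    of them must be present before pressing Enter. Returns (ok, polls_used).
    """
    for poll in range(1, attempts + 1):
        if set(expected) <= set(resolve(name)):
            return True, poll
        if poll < attempts:
            sleep(delay)
    return False, attempts


if __name__ == "__main__":
    print(host_field_problem("_acme-challenge.tosnowflake.com", ZONE))  # the thread's mistake
    ok, polls = wait_for_txt("_acme-challenge." + ZONE,
                             ["CONSTRUCTED-TOKEN-1", "CONSTRUCTED-TOKEN-2"])
    print("safe to press Enter" if ok else "still not visible after %d polls" % polls)
```

Pass `resolve=lambda n: dig_txt(n, "ns01.domaincontrol.com")` style wrappers to query a specific nameserver instead of the local resolver cache.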
