Retry TXT DNS verification


#1

My domain is:
codius.thijsvanulden.nl

I ran this command:
/usr/local/bin/certbot -d "$(uname -n)" -d "*.$(uname -n)" --manual --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory certonly

It produced this output:
Provided two DNS TXT values

By the time my DNS records are updated with the TXT fields, certbot has timed out. Then when I restart it I get a new DNS TXT value, so I have to start over, and this just continues.
Is there a way to generate the DNS TXT values and have certbot check or re-check them 24 hours later?

Because I need a wildcard verification this is the only way as far as I know. I have used Google, read the help information with certbot --help and searched on this forum but did not find information that helps me out.

The company I parked my domain at cannot move faster. It takes this long on their own nameservers.


#2

Hi @ThijsvanUlden,

It shouldn’t take 24 hours to update DNS records, but I understand that you don’t control the hosting provider’s internal processes.

You could delegate the DNS hosting to a different DNS provider (this doesn’t have to be the same entity as your domain registrar), or you could use a CNAME to point the relevant _acme-challenge record at a different DNS zone which can be hosted elsewhere. Let’s Encrypt will follow that CNAME. For example

_acme-challenge.slowzone.net IN CNAME _acme-challenge.fastupdatingzone.com

In this case a client that can update _acme-challenge.fastupdatingzone.com will be able to use that ability to obtain Let’s Encrypt certificates for slowzone.net. An advantage of this is that it can be a DNS provider like CloudFlare that provides a DNS zone update API (so you can do automated renewals with Certbot, acme.sh, or another client), or you can run your own instance of acme-dns and use the CNAME to point at your own server for this purpose.
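A small pre-check for the delegation described above, added here as an example and not part of the thread or of any ACME client: it computes the dns-01 validation name (a wildcard and its base domain share the same name), follows the _acme-challenge CNAME chain with a hop limit, and reports whether the TXT value certbot printed is visible at the end of the chain. The resolver is injected so the script runs offline against a constructed zone (the slowzone.net / fastupdatingzone.com names and the token are made up); a real lookup, for example via dnspython, can be passed in to check live DNS before telling certbot to continue.

```python
from typing import Callable, List, Tuple

MAX_CNAME_HOPS = 8  # guard against CNAME loops and runaway chains

Lookup = Callable[[str, str], List[str]]  # (owner name, record type) -> values


def challenge_name(domain: str) -> str:
    """dns-01 validation name; '*.example' validates at the base domain."""
    base = domain[2:] if domain.startswith("*.") else domain
    return f"_acme-challenge.{base.rstrip('.')}."


def follow_cnames(name: str, lookup: Lookup) -> Tuple[str, List[str]]:
    """Return the final owner name and the chain of names visited."""
    chain: List[str] = []
    while len(chain) < MAX_CNAME_HOPS:
        if name in chain:
            raise RuntimeError(f"CNAME loop detected at {name}")
        chain.append(name)
        targets = lookup(name, "CNAME")
        if not targets:
            return name, chain
        name = targets[0]
    raise RuntimeError(f"CNAME chain longer than {MAX_CNAME_HOPS} hops")


def txt_ready(domain: str, expected: str, lookup: Lookup) -> Tuple[bool, str, List[str]]:
    """True when `expected` is among the TXT values at the end of the chain.
    Several TXT records may coexist (base + wildcard), so membership is enough."""
    final, chain = follow_cnames(challenge_name(domain), lookup)
    return expected in lookup(final, "TXT"), final, chain


# Constructed zone data modelling the delegation from the post (assumed values).
SAMPLE_ZONE = {
    ("_acme-challenge.slowzone.net.", "CNAME"): ["_acme-challenge.fastupdatingzone.com."],
    ("_acme-challenge.fastupdatingzone.com.", "TXT"): ["TOKEN-FOR-BASE", "TOKEN-FOR-WILDCARD"],
}


def sample_lookup(name: str, rtype: str) -> List[str]:
    """Offline stand-in for a DNS resolver; replace with a live lookup to use for real."""
    return list(SAMPLE_ZONE.get((name, rtype), []))


if __name__ == "__main__":
    ok, final, chain = txt_ready("*.slowzone.net", "TOKEN-FOR-WILDCARD", sample_lookup)
    print("ready" if ok else "not yet visible", "at", final, "via", " -> ".join(chain))
```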


#3

Thank you sir, your answer does not only help me, it also educates me :slight_smile: