I’m looking at moving to the DNS challenge for our development/staging certificates.
I haven’t found many docs on it, and I assume the entry can be cleared out immediately but wanted to be sure.
Yes, once the authorization status is “valid,” you can clear out the DNS entry. Note: Don’t clear it out in response to receiving the DNS query, because there may be multiple queries in the future.
Thanks for the fast reply. Do you mean “valid” as in “I got the cert”? Or could it be revoked a week later?
The usage I’m looking at is a script that does the following:
We use LE certs on developer workstations to mimic the production stack, and the current system is annoying:
Technically, “valid” meaning when the Let’s Encrypt API says that the authorization’s status has shifted from “pending” to “valid”. That’s between steps 3 and 4 in your list, a moment before the “I got the cert” part.
You can absolutely delete the DNS records as soon as you get the certificate – in fact, a few seconds earlier – and there will be no further checks and it will not result in revocation.
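The cleanup timing described in the replies above, as an added example that is not part of the original thread: a simulation in which removing the TXT record once the authorization is no longer "pending" succeeds, while removing it after the first lookup fails. The in-memory zone, the `FakeCA` class, the number of lookups and the record value are all constructed for illustration.

```python
import time

PENDING = "pending"  # while the authorization is pending, the CA may still query DNS

class FakeCA:
    """Constructed stand-in for a CA that looks up the TXT record several times."""
    def __init__(self, zone, name, expected, lookups=3):
        self.zone, self.name, self.expected = zone, name, expected
        self.remaining, self.status = lookups, PENDING

    def poll_authorization(self):
        # Each poll in this simulation triggers one more DNS lookup by the CA.
        if self.status == PENDING:
            if self.zone.get(self.name) != self.expected:
                self.status = "invalid"   # a lookup found no matching record
            else:
                self.remaining -= 1
                self.status = PENDING if self.remaining else "valid"
        return {"status": self.status}

def complete_dns01(zone, poll, name, value, max_polls=20, delay=0.0):
    """Publish the TXT record, wait until the status leaves 'pending', then clean up."""
    zone[name] = value
    status = PENDING
    for _ in range(max_polls):
        status = poll()["status"]
        if status != PENDING:
            break
        time.sleep(delay)
    if status != PENDING:
        zone.pop(name, None)  # safe now: the CA has finished validating
    return status             # if still pending, the record is left in place

def demo(early_cleanup=False):
    zone = {}  # record name -> TXT value (constructed in-memory zone)
    name, value = "_acme-challenge.dev.example.test", "constructed-digest"
    ca = FakeCA(zone, name, value)

    def poll():
        result = ca.poll_authorization()
        if early_cleanup:
            zone.pop(name, None)  # the mistake: deleting after the first lookup
        return result

    return complete_dns01(zone, poll, name, value), dict(zone)
```

`demo()` ends with status "valid" and an empty zone; `demo(early_cleanup=True)` ends with "invalid" because a later lookup finds no record.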
Whoa. I use the hooks already, but did not know that certbot supported DNS-01 yet. Wow. Now I don’t have to use this third party library that I’m not crazy for!