What DNS does Let's Encrypt use to generate certs?

Good morning,

What DNS does Let's Encrypt use to generate certs?
That's it.

Thanks

Not sure what the question is about, but Let's Encrypt queries the domain's nameservers directly. There's no resolver in the middle.

4 Likes

Correct, Boulder uses the "unbound" library to resolve hostnames directly from the DNS root, crawling down to the authoritative DNS server. It only caches results for a short time itself.

4 Likes

Mmm ok, is it not possible to clean this "cache"? Or how can I see the cache TTL?

The cache ttl is on the order of seconds. There's nothing to "clean". Let's Encrypt just uses your authoritative DNS servers. If you're having trouble with your domain, then I'd recommend either posting it here to see if someone here can help you figure out what's not configured right, or trying tools like DNSViz, UnboundTest, and ISC's EDNS Compliance Tester.

6 Likes

Let's Encrypt's resolvers cache for a maximum of 60 seconds (as stated in this thread); the actual cache value may be even lower.

It is unlikely that any issues with stale caches are caused on Let's Encrypt's side. Usually it's an issue with nameservers returning stale data themselves.

6 Likes
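
An added example, not part of the original thread and not Let's Encrypt's code: since the validation queries go straight to the authoritative nameservers, one way to spot a nameserver "returning stale data" is to ask each one directly and compare SOA serials and record values. The live query assumes the third-party dnspython package; the nameserver names, serials and token values in `SAMPLE` are constructed.

```python
import socket

def query_authoritative(ns_host, zone, name, rdtype="TXT", timeout=3.0):
    """Ask one authoritative nameserver directly, with no recursive resolver between."""
    import dns.message, dns.query, dns.rdatatype  # dnspython, needed only for live queries
    ns_ip = socket.gethostbyname(ns_host)

    def ask(qname, qtype):
        resp = dns.query.udp(dns.message.make_query(qname, qtype), ns_ip, timeout=timeout)
        wanted = dns.rdatatype.from_text(qtype)
        return [rd for rrset in resp.answer if rrset.rdtype == wanted for rd in rrset]

    soa = ask(zone, "SOA")
    serial = soa[0].serial if soa else None
    return serial, frozenset(rd.to_text() for rd in ask(name, rdtype))

def find_stale(answers):
    """answers: {nameserver: (soa_serial_or_None, frozenset_of_record_values)}.
    Returns {nameserver: [reasons]} for servers that lag behind or disagree."""
    serials = [s for s, _ in answers.values() if s is not None]
    if not serials:
        return {ns: ["no SOA answer"] for ns in answers}
    # Heuristic: plain integer comparison, ignoring RFC 1982 serial wraparound.
    # Some DNS providers do not keep serials in sync, so treat a lag as a hint.
    newest = max(serials)
    reference = next(v for s, v in answers.values() if s == newest)
    problems = {}
    for ns, (serial, values) in answers.items():
        reasons = []
        if serial is None:
            reasons.append("no SOA answer")
        elif serial < newest:
            reasons.append(f"SOA serial {serial} is behind {newest}")
        if values != reference:
            reasons.append(f"serves {sorted(values)}, expected {sorted(reference)}")
        if reasons:
            problems[ns] = reasons
    return problems

# Constructed sample: ns3 has not picked up the latest zone change yet.
SAMPLE = {
    "ns1.example.net": (2024050102, frozenset({'"token-new"'})),
    "ns2.example.net": (2024050102, frozenset({'"token-new"'})),
    "ns3.example.net": (2024050101, frozenset({'"token-old"'})),
}

if __name__ == "__main__":
    for ns, reasons in find_stale(SAMPLE).items():
        print(ns, "->", "; ".join(reasons))
```

For a live check, build the `answers` dict by calling `query_authoritative()` once per nameserver listed in the zone's NS records.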
