Which value does it need to be in the TXT record?


If I have understood everything, the new wildcard delivery system ask for a TXT record in the dns. But what do I need to put in my dns dB ? The name of the computer of where the certbot is installed ? Or www? Or Blanck space ?

Or the certbot will need to be install on the dns server ? Which is not in my case since I separate every services with different vm.


It’s specified in the challenge, just like the current DNS challenge (and similarly to the http challenge.) You’ll get a basically random string that needs to be placed in the TXT record at _acme-challenge.basedomain.com.


Yeah it s a bit difficult to understand for me.
Like the http challenge you say, but in my understanding, if you don’t have a dns record for your subdomain or domain in dns then you can access it from outside. So it s not depending from the challenge but more the only way to go.

So, will we add something more specific like an Id that the challenge request in an interactive mode or just as you say like the previous challenge ?


If you’re requesting a certificate for *.example.org, the certificate authority will issue a challenge containing a particular random number that you’ll have to put in DNS as a TXT record called _acme-challenge.example.org. The random number will be communicated by the CA to your client software at the time you make your request, and is different for every request (including when you renew the certificate later on).

Similarly, if you’re requesting a certificate for *.carrots.example.org, you’ll receive a random value to be placed at _acme-challenge.carrots.example.org.


Thanks is a bit more clear. I hope to have an visual example in the doc later or in the interactive text of certbot


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.