Why is the dns01 authentication status always pending?
The dns txt record can be parsed around the world.
I didn't encounter this problem before when I applied for a certificate, but this time when the certificate was about to expire and cert-manager automatically renewed it, this problem appeared.
Someone please help me. thanks
Yes, I see it. I think the "pending" means that Cert-Manager has prepared the challenge but not yet told Let's Encrypt server to check it.
You might review this troubleshooting guide. Or wait for someone with more cert-manager experience. Still, I am fairly confident that is what "pending" means
Thanks, You're right.
The problem is with one of my A records: *.xx.com.
The Cert-Manager prioritizes the A record over the TXT record. So it's like you said: "pending" means that Cert-Manager has prepared the challenge but not yet told Let's Encrypt server to check it.
I temporarily turned off the A-record to get it resolved.
Problems with Cert-Manager. I think Cert-Manager should modify the checksum logic to get only TXT records,like 'dig TXT xx.com' .