Wildcard and DNS validation


#1

Hi,

I have some certificates for wildcard subdomains.
Now I try to renew those certificates, but Let’s Encrypt asks me to create a new TXT record…

With my DNS provider this always takes time, I have to check, etc…

Can we make Let’s Encrypt always use the same TXT record to validate the renewal?
I don’t want to create a new TXT record each time I have to renew my certificate…

Thx


#2

Using stale validations is probably not something that’s ever going to happen.

If your DNS provider has an API, you can automate validation with a hook. Clients like acme.sh and tools like Lexicon implement a wide variety of DNS providers.

acme-dns is another possible solution for people using DNS providers that can’t be easily automated.

Finally, you have the choice to move to a DNS host that supports automation, like Cloudflare.


#3

Yeah, but I don’t have the choice here.
The DNS is the one from my client, and when I create a new entry I have to wait sometimes 1 hour or more before the entry is ok…
And I have to leave the console open waiting for the validation… That is really painful…

I know that with Cloudflare it’s easier and faster… And that we have an API…
But here it is not possible for this domain :frowning:

Thx for your answer.


#4

acme-dns should solve all of those complaints:

  • No need to wait 1 hour for the TXT record to update, because you only need to delegate a single CNAME record (the first time you run it).
  • No need to have a terminal open (apart from the first time you run it).
  • No need to change DNS providers

I recommend you give the Certbot hook for the hosted acme-dns service a go: https://github.com/joohoi/acme-dns-certbot-joohoi

It shouldn’t require any setup other than copying the hook file to your server.
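Why the CNAME delegation described above removes the per-renewal TXT edit, shown as an added example (not code from the thread or from acme-dns): it computes the DNS-01 TXT value the CA expects and checks it through a toy zone where the client's DNS holds only a CNAME and the acme-dns side holds the TXT records. The token, thumbprint, domain and acme-dns host name are constructed placeholders.

```python
import base64
import hashlib

# Constructed sample inputs (not from the thread): an ACME challenge token and
# the account key thumbprint; the CA issues a fresh token for every order.
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
THUMBPRINT = "9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI"
DOMAIN = "example.com"  # a wildcard *.example.com is validated at the same _acme-challenge name
ACME_DNS_NAME = "abcd1234-0000-4000-8000-000000000000.auth.acme-dns.example."  # placeholder

def expected_txt_value(token, thumbprint):
    """DNS-01 (RFC 8555 s8.4): TXT RDATA = base64url(SHA-256(token + "." + thumbprint)), unpadded."""
    key_authz = f"{token}.{thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authz).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_zone(fresh_txt, include_cname=True):
    """Toy DNS data: the client's zone carries one static CNAME; acme-dns serves the TXT values."""
    zone = {ACME_DNS_NAME: {"TXT": ["stale-value-from-last-renewal", fresh_txt]}}
    if include_cname:
        zone[f"_acme-challenge.{DOMAIN}."] = {"CNAME": [ACME_DNS_NAME]}
    return zone

def resolve_txt(name, zone, max_hops=8):
    """Follow the CNAME chain the way the CA's resolver would; return (final owner, TXT values)."""
    seen = set()
    for _ in range(max_hops):
        rrs = zone.get(name, {})
        if "CNAME" not in rrs:
            return name, rrs.get("TXT", [])
        seen.add(name)
        name = rrs["CNAME"][0]
        if name in seen:
            raise ValueError("CNAME loop at " + name)
    raise ValueError("too many CNAME hops")

def dns01_would_pass(domain, token, thumbprint, zone):
    """True if any TXT reached via _acme-challenge.<domain> equals the expected value.
    The CA accepts a match anywhere in the RRset, so leftover stale values do no harm."""
    _, txts = resolve_txt(f"_acme-challenge.{domain}.", zone)
    return expected_txt_value(token, thumbprint) in txts

if __name__ == "__main__":
    fresh = expected_txt_value(TOKEN, THUMBPRINT)
    print("expected TXT:", fresh)
    print("delegated via CNAME:", dns01_would_pass(DOMAIN, TOKEN, THUMBPRINT, build_zone(fresh)))
    print("CNAME missing:", dns01_would_pass(DOMAIN, TOKEN, THUMBPRINT, build_zone(fresh, False)))
```

Only the TXT on the acme-dns side changes between renewals, which is exactly what the hook updates over the API; the client's zone never needs another edit.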


#5

Thx, I will take a look at that.

