I have some certificates for wildcard subdomains.
Now I am trying to renew those certificates, but Let’s Encrypt asks me to create a new TXT record…
With my DNS provider this always takes time, I have to check, etc…
Can we make Let’s Encrypt always use the same TXT record to validate the renewal?
I don’t want to create a new TXT record each time I have to renew my certificate…
Using stale validations is probably not something that’s ever going to happen.
If your DNS provider has an API, you can automate validation with a hook. Clients like acme.sh and tools like Lexicon implement a wide variety of DNS providers.
acme-dns is another possible solution for people using DNS providers that can’t be easily automated.
Finally, you have the choice to move to a DNS host that supports automation, like Cloudflare.
Yeah, but I don’t have the choice here.
The DNS is my client’s, and when I create a new entry I sometimes have to wait 1 hour or more before the entry is OK…
And I have to leave the console open waiting for the validation… That is really painful…
I know that with Cloudflare it’s easier and faster… And that we have an API…
But here it is not possible for this domain.
Thx for your answer.
acme-dns should solve all of those complaints:
- No need to wait 1 hour for the TXT record to update, because you only need to delegate a single CNAME record (the first time you run it).
- No need to have a terminal open (apart from the first time you run it)
- No need to change DNS providers
I recommend you give the Certbot hook for the hosted acme-dns service a go: https://github.com/joohoi/acme-dns-certbot-joohoi
It shouldn’t require any setup other than copying the hook file to your server.
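How the acme-dns delegation described in the post above fits together, as an added example (not code from this thread or from the acme-dns project): the client's zone holds one static CNAME, and each renewal only sends a fresh TXT value to the acme-dns `/update` endpoint. The account values, `auth.example.org` and the helper names are constructed placeholders.

```python
import base64
import hashlib
import json
from urllib.request import Request

# Constructed sample data: the fields mirror what acme-dns returns on
# registration; every value here is a made-up placeholder.
ACCOUNT = {
    "username": "00000000-0000-0000-0000-000000000000",
    "password": "placeholder-password",
    "subdomain": "d420c923-bbd7-4056-ab64-c3ca54c9b3cf",
    "fulldomain": "d420c923-bbd7-4056-ab64-c3ca54c9b3cf.auth.example.org",
}
API = "https://auth.example.org"  # assumed acme-dns instance URL
# Constructed view of the client's zone: the one static record, added once.
CLIENT_ZONE = {"_acme-challenge.example.com": ("CNAME", ACCOUNT["fulldomain"])}


def challenge_name(identifier):
    """*.example.com and example.com are both validated at the same name."""
    return "_acme-challenge." + identifier.removeprefix("*.").rstrip(".").lower()


def dns01_txt_value(key_authorization):
    """dns-01 TXT value: unpadded base64url of SHA-256(key authorization)."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def validation_target(identifier, zone):
    """Follow the CNAME chain to the name where the TXT lookup ends up."""
    name = challenge_name(identifier)
    for _ in range(8):  # bound the chain so a CNAME loop cannot hang us
        rtype, value = zone.get(name, (None, None))
        if rtype != "CNAME":
            return name
        name = value.rstrip(".").lower()
    raise ValueError("CNAME chain too long")


def build_update(account, txt):
    """Build (not send) the acme-dns /update call for this renewal."""
    if len(txt) != 43:
        raise ValueError("dns-01 TXT values are always 43 characters")
    body = json.dumps({"subdomain": account["subdomain"], "txt": txt}).encode()
    headers = {"X-Api-User": account["username"], "X-Api-Key": account["password"],
               "Content-Type": "application/json"}
    return Request(API + "/update", data=body, headers=headers, method="POST")
```

The acme-dns credentials can only change that one delegated TXT record, so the server doing renewals never needs write access to the client's zone.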
Thx, I will take a look at that.