Wildcard DNS mode: DNS TXT record is changing?


#1

Within hours, running the command to get certificates for the same site and URL gives the same DNS TXT record result.
But after several days, the resulting TXT record is different.
What is the time interval after which Let's Encrypt will change the DNS TXT record for the same site and URL?


#2

Is your question: how often Let’s Encrypt will change the value of the _acme-challenge TXT record that must be created for your domain?

If so, the answer is: it depends.

In the best case, a TXT record (or authorization, in other words) will be re-used for up to 30 days, assuming you’re using the same Let’s Encrypt account. But there are a variety of circumstances in which it will change in less than 30 days.

Ultimately, you should not rely on it staying the same. It will definitely change by the time you need to renew your certificate.

Ideally, your Let’s Encrypt client should be automatically handling this for you. Many clients like acme.sh support automatically updating your DNS and creating wildcard certificates, provided that you use a DNS host that is supported: DNS providers who easily integrate with Let's Encrypt DNS validation


#3

You’re expecting here that @zhufenggood actually managed to verify the challenge and it succeeded. I’m getting the feeling @zhufenggood tries to get the challenge to verify, but fails. And with every run of certbot, he’s getting a new token, because the previous challenge was invalidated by the failed attempt.


#4

That’s a good point - failed authorizations will not be re-used.

So I guess @zhufenggood should maybe try waiting longer (even for 30 minutes) between updating their DNS record, and continuing with the process to request the SSL certificate.
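The behaviour discussed above follows from how the DNS-01 TXT value is derived (RFC 8555 section 8.4, with the RFC 7638 key thumbprint). The sketch below is an added example, not code from this thread or from any ACME client; the account keys, tokens and the helper `record_is_current` are constructed for illustration.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over only the required members, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 8.4: TXT = base64url(SHA-256(token + "." + thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def record_is_current(published_txt: list, token: str, account_jwk: dict) -> bool:
    """Hypothetical pre-check: does any published TXT string match the pending challenge?"""
    expected = dns01_txt_value(token, account_jwk)
    return any(v.strip().strip('"') == expected for v in published_txt)


# Constructed sample data: not real keys or tokens.
ACCOUNT_A = {"kty": "EC", "crv": "P-256", "x": "constructed-x-A",
             "y": "constructed-y-A", "kid": "not-part-of-thumbprint"}
ACCOUNT_B = {"kty": "EC", "crv": "P-256", "x": "constructed-x-B",
             "y": "constructed-y-B"}
TOKEN_REUSED = "constructed-token-1"  # same authorization still valid
TOKEN_NEW = "constructed-token-2"     # new authorization (expired or failed)

if __name__ == "__main__":
    old = dns01_txt_value(TOKEN_REUSED, ACCOUNT_A)
    print("reused authorization, same value:", dns01_txt_value(TOKEN_REUSED, ACCOUNT_A) == old)
    print("new authorization, same value   :", dns01_txt_value(TOKEN_NEW, ACCOUNT_A) == old)
    print("other account, same value       :", dns01_txt_value(TOKEN_REUSED, ACCOUNT_B) == old)
    print("stale record detected           :",
          not record_is_current([f'"{old}"'], TOKEN_NEW, ACCOUNT_A))
```

The value depends only on the challenge token and the account key, so a record left in DNS from an earlier run stops matching as soon as the server issues a new token.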


#5

It's great, but I use Let's Encrypt and I had failed authorizations; can I re-use on my website?

[Edit: link removed by moderator]


#6

@rakwaro If you’re for real, please start a new thread in the #help category explaining your issue.