Hi all,
First, thanks for this useful program! I've noticed one issue with my DNS provider: they seem to be a bit slow to update the entry on their authoritative DNS servers. But it also looks like the integrated DNS check of dnsrobocert does not check against the authoritative name servers and thus does not notice the DNS entry has already been updated? Take a look at this log excerpt:
```
Hook '--manual-auth-hook' for domain.de ran with output:
Executing auth hook for domain domain.de, lineage domain.de.
Challenges to check: ['_acme-challenge.domain.de']
Wait 120 seconds before checking that all challenges have the expected value (try 1/13)
TXT _acme-challenge.domain.de does not exist.
Wait 120 seconds before checking that all challenges have the expected value (try 2/13)
TXT _acme-challenge.domain.de does not exist.
[...]
Wait 120 seconds before checking that all challenges have the expected value (try 12/13)
TXT _acme-challenge.domain.de does not exist.
Wait 120 seconds before checking that all challenges have the expected value (try 13/13)
TXT _acme-challenge.domain.de does not exist.
Hook '--manual-cleanup-hook' for domain.de ran with output:
Executing cleanup hook for domain domain.de, lineage domain.de.
Certbot has been configured to prefer certificate chains with issuer 'ISRG Root X1', but no chain from the CA matched this issuer. Using the default certificate chain instead.
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/domain.de/fullchain.pem
Key is saved at: /etc/letsencrypt/live/domain.de/privkey.pem
```
So the pre-check says 13 times it cannot find the DNS information, but the check of Let's Encrypt finds it in the end. When I checked with dig, the DNS entry on the authoritative server was updated after about 10 minutes.
My dnsrobocert config uses these two config options for checking/retry: