Retain TXT record after DNS-01 challenge #21
Comments
Thanks for your feature suggestion. The idea makes sense, but unfortunately your described workflow does not work in all cases, because DuckDNS does not support multiple TXT records and a single TXT record has a maximum length of 255 characters. The DNS challenge has 43 characters, and if the previous TXT record is already too long then the DNS challenge fails. However, I think the following modification of the workflow you described makes sense:
The only disadvantage of this procedure with an already too long TXT record would be that possible TXT values cannot be retrieved during the time of the DNS challenge. But I think this is an acceptable disadvantage compared to a completely deleted TXT record. I will implement the new workflow for the next release.
Current status update on this feature: After some testing and implementing, I can say that sadly the TXT record must contain only the DNS challenge and it cannot be appended to an existing TXT record, at least with Let's Encrypt.
My certificate wasn't auto-renewing itself. When in the end it expired I tried to fix it manually... after almost a day of struggling I found this topic. Adding `--dns-duckdns-no-txt-restore` to the command fixed everything. Thank you! Before the fix it was failing with the message: "The DNS response does not contain an answer to the question: example.com. IN TXT". I am using the snap version.
For me this fix also worked. However, I don't get why. Could someone maybe chip in and explain why this is required?
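Added example (not from the plugin or from anyone in this thread): a small model of the RFC 8555 DNS-01 check, showing why the challenge value is always 43 characters and why appending it to an existing TXT string fails when only one TXT record is available. The key authorization and the SPF string are constructed sample values, and `validates` is a simplified stand-in for the CA's comparison.

```python
import base64
import hashlib

MAX_TXT_STRING = 255  # limit for a single TXT record value, as stated in the thread


def dns01_txt_value(key_authorization: str) -> str:
    """RFC 8555 section 8.4: base64url(SHA-256(key authorization)), unpadded."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def validates(txt_records: list[str], expected: str) -> bool:
    """Simplified validator: one TXT record must equal the digest exactly."""
    return any(record == expected for record in txt_records)


def fits_single_string(value: str) -> bool:
    """True if the value fits in one TXT record of at most 255 bytes."""
    return len(value.encode("utf-8")) <= MAX_TXT_STRING


# Constructed sample values, not real account data.
KEY_AUTH = "constructed-token-value.constructed-account-thumbprint"
EXISTING = "v=spf1 include:_spf.example.com ~all"
CHALLENGE = dns01_txt_value(KEY_AUTH)


def scenarios() -> dict[str, bool]:
    """Validation outcome for each way of publishing the challenge."""
    return {
        # What the plugin does: the single TXT record holds only the challenge.
        "replace": validates([CHALLENGE], CHALLENGE),
        # Appending to the old value yields one string that no longer matches.
        "append": validates([EXISTING + " " + CHALLENGE], CHALLENGE),
        # Needs multiple TXT records, which the thread says DuckDNS lacks.
        "separate records": validates([EXISTING, CHALLENGE], CHALLENGE),
    }


if __name__ == "__main__":
    print(len(CHALLENGE), CHALLENGE)
    for name, ok in scenarios().items():
        print(f"{name:18s} -> {'valid' if ok else 'invalid'}")
```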
In this plugin, it will override the TXT record before the challenge and clear TXT after the challenge.
According to RFC 1464, TXT records support multiple attributes and values. Currently it can be used as a DNS SPF record, DNS DMARC record and IPFS DNS link record.
I would suggest the following workflow instead: