Dns made easy API integration no longer working

I am getting a time error when trying to renew my certificate using the dnsmadeeasy API:
2020-07-06 12:51:25.958 -07:00 [INF] Created ACME Order:
2020-07-06 12:51:26.061 -07:00 [INF] Fetching Authorizations.
2020-07-06 12:51:26.561 -07:00 [INF] Got http-01 challenge
2020-07-06 12:51:26.780 -07:00 [INF] Got dns-01 challenge
2020-07-06 12:51:26.781 -07:00 [INF] Attempting Domain Validation:
2020-07-06 12:51:26.781 -07:00 [INF] Registering and Validating
2020-07-06 12:51:26.782 -07:00 [INF] Performing automated challenge responses ()
2020-07-06 12:51:26.789 -07:00 [INF] DNS: Creating TXT Record ‘’ with value ‘’, in Zone Id ‘4472704’ using API provider ‘DnsMadeEasy DNS API’
2020-07-06 12:51:27.211 -07:00 [ERR] DNS update failed: DnsMadeEasy DNS API :: [DnsMadeEasy DNS API] Failed to create record: DnsMadeEasy: Failed to query DNS Zones. :: {“error”: [“Request sent with date header too far out of sync. Difference in times is -34603, header value is 1594065086000”]}
2020-07-06 12:51:27.212 -07:00 [INF] Requesting Validation:
2020-07-06 12:53:27.732 -07:00 [INF] Attempting Challenge Response Validation for Domain:
2020-07-06 12:53:27.732 -07:00 [INF] Registering and Validating
2020-07-06 12:53:27.732 -07:00 [INF] Checking automated challenge response for Domain:
2020-07-06 12:53:28.037 -07:00 [WRN] Challenge response validation still pending. Re-checking [10]…
2020-07-06 12:53:29.653 -07:00 [INF] DNS problem: NXDOMAIN looking up TXT for _acme- - check that a DNS record exists for this domain
2020-07-06 12:53:39.021 -07:00 [INF] DNS: Deleting TXT Record ‘’, in Zone Id ‘4472704’ using API provider ‘DnsMadeEasy DNS API’
2020-07-06 12:53:39.869 -07:00 [INF] Validation of the required challenges did not complete successfully. DNS problem: NXDOMAIN looking up TXT for - check that a DNS record exists for this domain
2020-07-06 12:53:39.869 -07:00 [INF] Validation of the required challenges did not complete successfully. DNS problem: NXDOMAIN looking up TXT for - check that a DNS record exists for this domain

I opened a ticket with DNS Made Easy support and this is what they told me:
Just to clarify, we use NTT for time and you would need to use Unix epoch time. Our API allows for up to 30 seconds of difference in time but if the timestamp in the header is off by more than 30 seconds then you will get this error. Please let us know if you have further questions, we’re happy to help!

Based on what I am reading in the logs the time is off by almost 10 hours. Do we have a timezone issue?

It’s much more than that as no timezone on Earth would fix this.

The log and header state the time is 12:51pm PDT. The remote server wanted a header saying it was 3:14am PDT. There are no two timezones that are 9h 37m apart. The remote server wants a request accurate within 30s.

I guess what I’m trying to say is that it sounds like the server’s time isn’t set correctly either. At least, your DNS provider doesn’t think so. Maybe you’re in a *.5 TZ and the server is 7m off.

The timezone question is as easy as answering if your server is in California or elsewhere on the US west-coast. PST/PDT is the Microsoft default timezone since they are in Washington state; if it was never changed… that would explain that part.

I got an answer back from DNS Made Easy:

The bottom of the log you provided states “Difference in times is -34529” which is measured in milliseconds, meaning the difference in time is 4.529 seconds more than our 30 second limit. I apologize for the typo, we use NTP time (network time protocol) and we sync our servers with with ntp.org’s servers. Please let us know how we can best assist you.

I looked at my servers and they are sourcing their clock from vmware 6.7. ESXi is supposed to be syncing to the ntp.org pool in the US. It is not working for some reason. I set my domain controllers to sync directly from ntp.org and all is well again. Sorry for the rabbit hole on this.

Ah, I should have realized the offset was measured in ms just as the epoch time was.