Multiple DNS providers

We use two DNS providers (self-hosted Windows DNS server and Amazon Route53) for external DNS. I am running into an issue with renewals ending in this failure:

“Validation of the required challenges did not complete successfully. DNS problem: NXDOMAIN looking up TXT for _acme-challenge.{FQDN} - check that a DNS record exists for this domain”

I do not see a way to have both Microsoft DNS and Route53 updated with the same challenge entries when performing a renewal. Rather, if I enter multiple services for the DNS challenge, the software only uses one and doesn’t add the DNS records to the other. How can I support this scenario?

Hi, currently the same DNS challenge cannot be written to multiple DNS providers (we’ve not had this request before).

So one name server for your domain is Route53 and the other name server is Microsoft DNS. You would normally need to write to one DNS server, then have the TXT record propagate to the other name server. You need to set the required propagation delay to allow time for the records to copy to all name servers.

Your options are:

  • set up DNS replication for TXT records
  • or, use acme-dns: this provides a fixed CNAME for each domain/subdomain that redirects to an acme-dns server. On first use the app will log the required CNAME that you need to set up.
  • or, use the DNS scripting option and use your own script to create/delete the DNS entries. Scripts are .bat files and can in turn call any other scripting language you have installed.
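The third option above, written out as an added example; this is not code from the thread or from the Certify project, and the argument order the .bat receives, the Windows DNS server host name, the Route53 hosted zone id and the record names are assumptions or constructed placeholders. It writes the same `_acme-challenge` TXT record to both providers and then refuses to return success until every authoritative name server for the zone answers with the token, which is exactly the condition that the NXDOMAIN failure quoted in the question says was not met:

```powershell
# dns-challenge.ps1 (added example, not the project's own script)
# Assumed to be invoked by the .bat the DNS scripting option runs, e.g.:
#   powershell -NoProfile -ExecutionPolicy Bypass -File dns-challenge.ps1 create "%1" "%2" "%3"
# The argument order is an assumption; check what your ACME client actually passes.
param(
    [Parameter(Mandatory)][ValidateSet('create', 'delete')][string]$Action,
    [Parameter(Mandatory)][string]$Zone,        # zone name, e.g. example.com (constructed)
    [Parameter(Mandatory)][string]$RecordName,  # e.g. _acme-challenge.www.example.com (constructed)
    [Parameter(Mandatory)][string]$TxtValue,    # challenge token supplied by the ACME client
    [string]$WindowsDnsServer = 'dns01.corp.example',   # assumed host name of the Windows DNS server
    [string]$HostedZoneId     = 'ZPLACEHOLDERZONEID',   # placeholder, replace with your Route53 zone id
    [int]$TimeoutSeconds      = 120                     # how long to wait for propagation
)
$ErrorActionPreference = 'Stop'

# Windows DNS wants the label relative to the zone, so strip the zone suffix
$label = $RecordName -replace "\.$([regex]::Escape($Zone))$", ''

# --- Provider 1: Windows DNS via the DnsServer module (needs rights on that server)
if ($Action -eq 'create') {
    Add-DnsServerResourceRecord -ComputerName $WindowsDnsServer -ZoneName $Zone `
        -Name $label -Txt -DescriptiveText $TxtValue -TimeToLive ([TimeSpan]::FromSeconds(60))
} else {
    Remove-DnsServerResourceRecord -ComputerName $WindowsDnsServer -ZoneName $Zone `
        -Name $label -RRType Txt -RecordData $TxtValue -Force
}

# --- Provider 2: Route53 via the AWS CLI (use credentials scoped to this hosted zone only)
$r53Action = if ($Action -eq 'create') { 'UPSERT' } else { 'DELETE' }
$batch = @{
    Comment = 'ACME dns-01 challenge'
    Changes = @(@{
        Action            = $r53Action
        ResourceRecordSet = @{
            Name            = "$RecordName."
            Type            = 'TXT'
            TTL             = 60
            ResourceRecords = @(@{ Value = "`"$TxtValue`"" })   # Route53 TXT values must be quoted
        }
    })
}
$batchFile = Join-Path $env:TEMP "acme-change-$([guid]::NewGuid()).json"
$batch | ConvertTo-Json -Depth 6 | Set-Content -Path $batchFile -Encoding ascii
aws route53 change-resource-record-sets --hosted-zone-id $HostedZoneId --change-batch "file://$batchFile"
$awsExit = $LASTEXITCODE
Remove-Item $batchFile
if ($awsExit -ne 0) { throw "Route53 change failed with exit code $awsExit" }

if ($Action -eq 'delete') { exit 0 }

# --- Propagation check: every authoritative NS must answer with the token before we return.
# Returning early here is what produces the NXDOMAIN failure quoted in the question.
$nameServers = (Resolve-DnsName -Name $Zone -Type NS -DnsOnly).NameHost
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
do {
    $missing = foreach ($ns in $nameServers) {
        $answers = Resolve-DnsName -Name $RecordName -Type TXT -Server $ns -DnsOnly -ErrorAction SilentlyContinue
        if (-not ($answers | Where-Object { $_.Strings -contains $TxtValue })) { $ns }
    }
    if (-not $missing) {
        Write-Host "TXT record visible on all name servers: $($nameServers -join ', ')"
        exit 0
    }
    Start-Sleep -Seconds 10
} while ((Get-Date) -lt $deadline)

Write-Error "Challenge record still missing on: $($missing -join ', ')"
exit 1
```

The script exits non-zero when either provider update fails or when the record is still absent from any name server after the timeout, so a renewal that would otherwise fail validation fails on your side first, with the name of the lagging server in the error. The `delete` action cleans up both providers so stale challenge tokens do not accumulate in either zone.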