When I need to update the DNS TXT record I like to test that the change has propagated through before proceeding with the update. At the moment this involves running NSLOOKUP to grab back the TXT record. It would be very helpful if the “Waiting for User Action” page had a “Check DNS” button to check the TXT record directly.
Thanks yes, it’s a good idea and one that came up very early on when developing the manual DNS feature but never quite bubbled to the top priority. We’d need to check:
- all primary DNS servers for each domain in the cert (as domains may be served by different names servers, even subdomains). Having one server out of (for instance ) 3 not be in sync can cause validation to fail unexpectedly.
- recursive CNAMEs down to the leaf TXT record
Having said that, although we do offer the Manual DNS option (and it is popular) it should always be your absolute last resort unless you’re doing a one-off test. Automation options like acme-dns, a DNS API or custom scripting options are much more preferable if you are planning to use the certificate long term.