What am I doing wrong?

BAT Script

set zone=%1
set value=%3
powershell.exe -file "C:\Program Files\CertifyTheWeb\Scripts\Common\Adding_Txt.ps1" -zone %zone% -value %value%

PowerShell Script



$body1 = ConvertTo-Json @{
    domainId   = '8390938'
    domainName = "_acme-challenge.marhetta.dynu.net"
    nodeName   = "_acme-challenge"
    recordType = "TXT"
    ttl        = "43"
    state      = "true"
    textData   = $result.ManagedItem.CertificateThumbprintHash
}

Invoke-RestMethod -Method POST -Uri 'https://api.dynu.com/v2/dns/8390938/record' -ContentType 'application/json' -Headers @{ "Api-Key" = $APIKey } -Body $body1


I’m guessing you are trying to do custom DNS scripting validation.

The main issue I can see is that you are using the CertificateThumbPrintHash as your TXT record value; instead, you should be using the value of -value that you have passed to your PowerShell script. Also, there will be no param($result), as that is the syntax for post-request deployment scripts, not DNS scripting. I don’t do a lot of PowerShell, but I believe the top of your script would need the following to pass in those parameters:

 param (

Secondly, don’t store any scripts under C:\Program Files\CertifyTheWeb\Scripts\Common as this location will be deleted when the app next updates.

The API key you have provided in your example appears to be your real key, so you should change that immediately.

Thank you so much, that absolutely worked.
(API key has been changed.)

So I guess the next question is: are there any other strings that I can pass to PowerShell?

 param (

I also remember someone talking about a place where we would be able to share DNS scripts?
Is there a URL for that?

Hi, for the DNS scripting there’s only the arguments specified in the docs:

Which are in the order: target domain, record name, record value, zone id (optional)

Regarding the repository of example scripts, I’m not sure where best to keep that just now but certainly adding your script here will help others.

Okay, I am able to get certificates now, without any problems. So now the next step is to delete the DNS record. And I’m not seeing where there’s a place for testing that. There’s a button to test to make sure your DNS record is being added into your DNS provider.

When does the “delete script” run? Isn’t it after it receives the TLS certificate?

Hi, the delete script runs during the ‘cleanup’ phase which is after the DNS record has been validated. Off the top of my head I’m not sure if we currently call it during test, which we should do of course.

I have been working on this project for quite some time. I believe I’ve gotten it all ironed out. If anybody else would like to play with it, here it is, please download. Here’s the link to GitHub.


Hi @tdmarchetta

Thanks for sharing the scripts. When I click the Test button in CTW or recreate and execute each step of your Add.ps1 script in Powershell I can see the Success code 200 and a resulting TXT record in my Dynu control panel, however when I click Request Certificate, no TXT records are added and the challenge process fails.

I have two domains in Dynu and am attempting to request a wildcard certificate for both of them (i.e. *.domain1.com and *.domain2.com)

If you have any suggestions I would be glad to hear them

Thanks again

Test results:

Try getting rid of the commas in create script path and delete script path.

Let me know if that works.

Thanks for the reply. I’ve created a separate certificate request for just the one wildcard domain to keep things simple and applied your advice above. I’m making progress now as I can see a TXT record is created while Requesting a Certificate, although strangely the value is incorrect (repeatedly using a value starting with “IX_”…) which causes the request to fail.

Errors in the log file:

(edit - system won’t let me add a 4th reply here)
I was able to debug that the line $domainid = $getdomaindata… was returning NULL due to the $zone variable beginning with ‘*.’ which was not present in the domains returned by $getdomaindata

So I added this line just before setting the APIKey variable:
$zone = $zone -replace '^\*\.', ''

I never had a use case for wildcard domains. So, I have never tested it with wildcards. I would have to go back to the drawing board to figure that out.
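
The points raised across this thread (use the record value passed in by the app, keep the API key out of the script, strip the wildcard prefix before the zone lookup and fail loudly when no domain matches), pulled together as an added example that is not part of the original posts or of the scripts shared on GitHub. It assumes the key is stored in an environment variable named DYNU_API_KEY, that GET https://api.dynu.com/v2/dns returns a `domains` array with `id` and `name`, and that the script is called with -zone and -value as in the BAT wrapper above; the TTL is a sample value.

```powershell
# Added example: DNS "create" script, invoked by the BAT wrapper as
#   powershell.exe -file <script> -zone %1 -value %3
param (
    [Parameter(Mandatory)] [string]$zone,   # target domain (%1), may start with "*."
    [Parameter(Mandatory)] [string]$value   # TXT record value (%3) supplied by the app
)
$ErrorActionPreference = 'Stop'             # any API failure ends the script with a non-zero exit code

# Assumption: the key lives in an environment variable, never in the script or a forum post
$APIKey = $env:DYNU_API_KEY
if ([string]::IsNullOrWhiteSpace($APIKey)) { throw 'DYNU_API_KEY is not set' }
$headers = @{ 'Api-Key' = $APIKey }

# Wildcard requests arrive as "*.example.com"; the provider lists the bare name
$zone = ($zone -replace '^\*\.', '').ToLower()

# Assumption: the response has the shape { domains: [ { id, name, ... } ] }
$domains = (Invoke-RestMethod -Method GET -Uri 'https://api.dynu.com/v2/dns' -Headers $headers).domains

# Pick the longest hosted domain that equals the zone or is a parent of it
$domain = $domains |
    Where-Object { $zone -eq $_.name -or $zone.EndsWith('.' + $_.name) } |
    Sort-Object { $_.name.Length } -Descending |
    Select-Object -First 1
if (-not $domain) { throw "No Dynu domain matches zone '$zone'" }

# Record node is _acme-challenge plus any labels between the zone and the hosted domain
$sub  = $zone.Substring(0, $zone.Length - $domain.name.Length).TrimEnd('.')
$node = if ($sub) { "_acme-challenge.$sub" } else { '_acme-challenge' }

$body = @{
    nodeName   = $node
    recordType = 'TXT'
    ttl        = 60          # sample value
    state      = $true
    textData   = $value      # the challenge value passed in, not a certificate thumbprint
} | ConvertTo-Json

$uri = "https://api.dynu.com/v2/dns/$($domain.id)/record"
Invoke-RestMethod -Method POST -Uri $uri -ContentType 'application/json' -Headers $headers -Body $body | Out-Null
Write-Output "Created TXT record $node.$($domain.name)"
```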