Closed TravisWilder closed 1 year ago
Hi,
First it's better to use the latest version "v2.9.3"!
You can just add multiple TXT records with the same name, as this is supported by DNS. Because for LE those are two different domains, one for the wildcard and one for the domain itself, it will generate two records for you to add, each with its own unique value.
LE will try to validate both records, so you need to add them both. Your provider should support this, but you must add it as a TXT record, not any different type of record!
This is by the way not something I can control; this is by design from Let's Encrypt. My script doesn't generate the TXT records: it will receive the required values from Let's Encrypt and show you what LE wants to validate.
Personal note: I prefer not to use wildcards but SAN certificates. SAN certificates are generally seen as more secure, and with automatic scripting it is not an issue to generate more certificates. And with SAN we can completely automate the process.
If your DNS is in the list of supported plugins https://github.com/rmbolger/Posh-ACME/tree/main/Posh-ACME/Plugins you can now pass the necessary parameters to the new (dev) script. See the info (Generate a wildcard certificate) for more details about how to pass the parameters.
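The two-record situation described above can be checked before asking Let's Encrypt to validate: both challenge values must be visible as separate TXT records under the same `_acme-challenge.<domain>` name. The following PowerShell function is an added example, not code from the thread or from the script it discusses; the challenge values and the domain are constructed placeholders, and the use of a public resolver (`1.1.1.1`) is an assumption made so that a stale local cache does not hide a missing record.

```powershell
# Added example (not the project's code): confirm that every TXT value Let's Encrypt
# asked for is published at _acme-challenge.<domain>, with one record per value.
function Test-AcmeChallengeRecords {
    param(
        [Parameter(Mandatory)][string]$Domain,           # e.g. 'example.com' (placeholder)
        [Parameter(Mandatory)][string[]]$ExpectedValues, # the values LE showed you (placeholders)
        [string]$Server = '1.1.1.1'                      # assumption: public resolver, bypasses local cache
    )

    $name = "_acme-challenge.$Domain"

    # Resolve-DnsName returns one object per TXT record; Strings holds the record's text chunks.
    $published = @(
        Resolve-DnsName -Name $name -Type TXT -Server $Server -ErrorAction Stop |
            Where-Object { $_.Type -eq 'TXT' } |
            ForEach-Object { $_.Strings -join '' }
    )

    foreach ($value in $ExpectedValues) {
        [pscustomobject]@{
            Name      = $name
            Value     = $value
            Published = ($published -contains $value)
        }
    }

    # Both records must coexist: the wildcard and the base domain are validated separately,
    # so a provider that overwrote the first record with the second will show one missing row.
    if (($ExpectedValues | Where-Object { $published -notcontains $_ }).Count -gt 0) {
        Write-Warning "Not every challenge value is published at $name; LE validation will fail for the missing one."
    }
}

# Constructed usage: the two values stand in for what the script displays from Let's Encrypt.
Test-AcmeChallengeRecords -Domain 'example.com' -ExpectedValues @(
    'PLACEHOLDER-VALUE-FOR-WILDCARD',
    'PLACEHOLDER-VALUE-FOR-BASE-DOMAIN'
) | Format-Table -AutoSize
```

Run it after adding the records at your DNS provider and before starting the validation; if a row shows `Published = False`, the provider either rejected the second record with the same name or replaced the first one, which is exactly the failure described in this thread.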
Hello
When I request -CN "*.domain.tld" -SAN "domain.tld" with DNS, it will try to add two different TXT records to the same DNS, so one will fail.
When I only request -CN "domain.tld", the validation will also fail.
So please, on DNS, make sure only one TXT will be added and that domains without host will work. Thanks.
(tested with 2.84)