When using -t dns-01 to use a different validation method, acme-client instantly exits with an error if the validation fails on the first try:
acme-client: https://acme-staging.api.letsencrypt.org/acme/challenge/foobar/123: bad response
acme-client: transfer buffer: [{ "type": "dns-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "DNS problem: NXDOMAIN looking up TXT
-OR-
acme-client: https://acme-staging.api.letsencrypt.org/acme/challenge/foobar/123: bad response
acme-client: transfer buffer: [{ "type": "dns-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Correct value not found for DNS challenge",
Some validation methods like DNS-01 may take a few seconds or minutes before validation can succeed (depending on the DNS provider used).
Please add an option to allow acme-client to retry for a specified amount of time. Maybe something like -R 30 (retry 30 times) and -w 5 (wait 5 seconds between retries).
(As an alternative, maybe print the challenge URL earlier in the process, so that the external validation script can check the validation status before allowing acme-client to continue.)
Your update script should be fixed. By the time it responds to acme-client, it should be ready to serve the world. Change it to verify the DNS record itself before reporting to acme-client that it's done.
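One way to do the check that reply asks for, as an added example (not part of acme-client or of either poster's script): the hook polls every authoritative nameserver of the zone until each one serves the expected TXT value, and only then reports back. The function names, the use of `dig`, and the retry and delay arguments are assumptions; how the hook learns the record name and value depends on your setup.

```shell
#!/bin/sh
# Added example: propagation check for a dns-01 hook script.
# Assumes dig(1) is installed; all function names here are hypothetical.

# lookup_txt NAME SERVER: print the TXT strings SERVER returns for NAME,
# one per line, with the surrounding quotes removed.
lookup_txt() {
    dig +short +norecurse TXT "$1" "@$2" 2>/dev/null | tr -d '"'
}

# list_nameservers ZONE: print the authoritative NS hostnames of ZONE.
list_nameservers() {
    dig +short NS "$1" 2>/dev/null
}

# txt_visible_everywhere NAME VALUE ZONE: succeed only if every
# authoritative server already answers with exactly VALUE. A server that
# still returns NXDOMAIN or an old value makes the check fail, which
# corresponds to the two errors shown in the report above.
txt_visible_everywhere() {
    servers=$(list_nameservers "$3")
    [ -n "$servers" ] || return 1      # no NS answer: treat as not ready
    for ns in $servers; do
        lookup_txt "$1" "$ns" | grep -qxF -- "$2" || return 1
    done
    return 0
}

# wait_for_txt NAME VALUE ZONE TRIES DELAY: poll up to TRIES times,
# sleeping DELAY seconds between attempts. Returns 0 once the record is
# visible on all servers, 1 if it never appears.
wait_for_txt() {
    tries=$4
    delay=$5
    i=0
    while [ "$i" -lt "$tries" ]; do
        if txt_visible_everywhere "$1" "$2" "$3"; then
            return 0
        fi
        i=$((i + 1))
        if [ "$i" -lt "$tries" ]; then
            sleep "$delay"
        fi
    done
    return 1
}
```

In a hook this would be called after the DNS provider update, for example `wait_for_txt _acme-challenge.example.com "$value" example.com 30 5`, with the hook signalling completion to acme-client only on a zero return.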