by cm2187
3142 days ago
Also, my experience with DNS validation and Let's Encrypt is that propagation times can be variable. You do not know from where in the world the Let's Encrypt servers will contact your DNS, so you may see the new entries in your DNS, but they may not have been propagated yet to where Let's Encrypt queries them. And then the validation fails and you need to start again from scratch. So you need to introduce some large delays to be safe. Having DNS validation as an option is very useful, as not all certificates are used for HTTP servers (think SMTP), but it is not trivial to implement. Also, wildcard certs will require DNS validation.
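A propagation pre-check for the situation described in the comment above, as an added example that is not part of the original post: poll every authoritative nameserver of the zone directly and request validation only once all of them have served the challenge TXT record for consecutive rounds. The function names, timings and the simulated zone are hypothetical, and `dig_txt` assumes the `dig` utility is installed.

```python
import subprocess
import time

def dig_txt(name, nameserver):
    """Ask one nameserver directly for the TXT values at `name` (needs `dig`)."""
    out = subprocess.run(
        ["dig", "+short", "+norecurse", "TXT", name, "@" + nameserver],
        capture_output=True, text=True, timeout=10, check=False,
    ).stdout
    return {line.strip().strip('"') for line in out.splitlines() if line.strip()}

def wait_for_txt(name, expected, nameservers, query=dig_txt,
                 timeout=600, interval=15, stable_rounds=2, sleep=time.sleep):
    """Return True once every nameserver has served `expected` for
    `stable_rounds` consecutive polls; False if `timeout` seconds pass first.
    Elapsed time is counted in poll intervals, not wall-clock time."""
    waited, streak = 0, 0
    while True:
        # Query all servers each round: one lagging secondary is enough
        # for a validation attempt to fail.
        missing = [ns for ns in nameservers if expected not in query(name, ns)]
        streak = 0 if missing else streak + 1
        if streak >= stable_rounds:
            return True
        if waited >= timeout:
            return False
        sleep(interval)
        waited += interval

def simulated_zone(ready_after, value):
    """Constructed stand-in for `query`: each nameserver starts serving the
    record only after a given number of polls (models uneven propagation)."""
    polls = {}
    def query(name, ns):
        polls[ns] = polls.get(ns, 0) + 1
        return {value} if polls[ns] > ready_after[ns] else set()
    return query

if __name__ == "__main__":
    # Constructed scenario: the primary is updated at once, the secondary lags.
    lag = {"ns1.example.net": 0, "ns2.example.net": 3}
    ok = wait_for_txt("_acme-challenge.example.com", "constructed-token",
                      list(lag), query=simulated_zone(lag, "constructed-token"),
                      sleep=lambda s: None)
    print("safe to request validation:", ok)
```

A False result means the timeout expired with at least one server still missing the record, so the order should not be submitted yet.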