We've added a DYN endpoint for creating TXT records which can be used to validate letsencrypt certificates. The credentials to use are the same as for DYN updates. An example of the parameters that need to be passed:
I'm planning to use acme.sh. Acme.sh has several DNS methods for different sites. Is any one of those methods capable of sending the information according to the format exemplified by Brad C. above?
I have created a script for acme.sh that utilizes the endpoint described by Brad C. above. It can also be used with the pfSense acme package. For obvious reasons there is no delete txt endpoint. You can find the script plugin here: https://github.com/blueslow/sslcertzoneedit
There is still a little issue though.
My (wildcard) domain certificate requires two _acme-challenge TXT records to be created in the DNS.
No problem with that, just wait 5 minutes between the "txt-create" requests, because any faster will end in an ERROR 702 "Minimum 300 seconds between requests" issued by Zoneedit.
Then two requests to delete the TXT records will follow, as the records are no longer needed after verification.
Again there must be 5 minutes between the last "txt-create" request and the first "txt-delete" request and between the first and second "txt-delete" requests.
And that is where the problem appears.
Meanwhile the certificate client (Crypt-LE version 0.38 for Let's Encrypt) is tired of waiting and issues a "Domain verification results for <domain-name> error. JWS has an invalid anti-replay nonce: <a random code>".
So here is the question: would it be possible to shorten the minimum time between requests, to say 60 or 120 seconds?
Of course I could try to skip and store the "txt-delete" requests and execute these after the certificate is created, but that would be a less neat solution.