[GH-ISSUE #1143] How to use it with a generic provider with DNS TXT records? #938

Closed
opened 2026-02-26 06:35:04 +03:00 by kerem · 6 comments
Owner

Originally created by @kosuodhmwa on GitHub (Jun 1, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1143

Hi

How to use Nginx Proxy Manager with round robin DNS A-Record when i want to get a Let's Encrypt certificate? What to select in the DNS Challenge Provider select box? There are 2 generic entries: 1.) Something with rfc and the entry on list bottom called DNS-ACME...

Now:

a.) What to to when i have another provider the the ones they are in that list? Using the rfc method or DNS-ACME...?

AND

b.) Are DNS TXT-Record the correct record type to handle that issue

I can't find a step-by-step guide to realize that - and i also read that this part was removed from the Lets Encrypt documentation: https://serversupportforum.de/threads/lets-encrypt-zertifikat-ausstellen-wenn-dns-round-robin-verwendet-wird.60226/

Thank you very very much for your feedbacks!! :-)

Originally created by @kosuodhmwa on GitHub (Jun 1, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1143 Hi How to use Nginx Proxy Manager with round robin DNS A-Record when i want to get a Let's Encrypt certificate? What to select in the DNS Challenge Provider select box? There are 2 generic entries: 1.) Something with `rfc` and the entry on list bottom called `DNS-ACME`... Now: a.) What to to when i have another provider the the ones they are in that list? Using the `rfc` method or `DNS-ACME`...? AND b.) Are DNS TXT-Record the correct record type to handle that issue I can't find a step-by-step guide to realize that - and i also read that this part was removed from the Lets Encrypt documentation: https://serversupportforum.de/threads/lets-encrypt-zertifikat-ausstellen-wenn-dns-round-robin-verwendet-wird.60226/ Thank you very very much for your feedbacks!! :-)
kerem 2026-02-26 06:35:04 +03:00
Author
Owner

@kosuodhmwa commented on GitHub (Jun 2, 2021):

Is that possible what i want or not?

<!-- gh-comment-id:852814228 --> @kosuodhmwa commented on GitHub (Jun 2, 2021): Is that possible what i want or not?
Author
Owner

@chaptergy commented on GitHub (Jun 2, 2021):

I do not know much about the two generic providers either. Maybe you will find useful information on the documentation of certbot-dns-acmedns and certbot-dns-rfc2136.

But generally DNS challenges is what you need. If you have your domains at a provider, which is not listed, you can visit pypi.org, and search for a package with the name certbot-dns-<privider>. If such a package exists, you can open an issue requesting this package to be listed in the dropdown. If such a package does not exist, I'm afraid you won't be able to use NPM to solve the DNS challenge for you.

<!-- gh-comment-id:853027858 --> @chaptergy commented on GitHub (Jun 2, 2021): I do not know much about the two generic providers either. Maybe you will find useful information on the documentation of [certbot-dns-acmedns](https://pypi.org/project/certbot-dns-acmedns/) and [certbot-dns-rfc2136](https://certbot-dns-rfc2136.readthedocs.io/en/stable/). But generally DNS challenges is what you need. If you have your domains at a provider, which is not listed, you can visit pypi.org, and search for a package with the name `certbot-dns-<privider>`. If such a package exists, you can open an issue requesting this package to be listed in the dropdown. If such a package does not exist, I'm afraid you won't be able to use NPM to solve the DNS challenge for you.
Author
Owner

@kosuodhmwa commented on GitHub (Jun 2, 2021):

Hello

Thank you very much for your feedback. It's just a "plain vanilla" DNS provider (the same company where the domains was bought)

Am i wrong when i think it's pissible with EVERY dns provider and (the corrrect) DNS TXT records...?

<!-- gh-comment-id:853035762 --> @kosuodhmwa commented on GitHub (Jun 2, 2021): Hello Thank you very much for your feedback. It's just a "plain vanilla" DNS provider (the same company where the domains was bought) Am i wrong when i think it's pissible with EVERY dns provider and (the corrrect) DNS TXT records...?
Author
Owner

@chaptergy commented on GitHub (Jun 3, 2021):

It is usually the case that your domain provider is also your DNS provider.

Yes and no. Certbot does in theory allow manual DNS challenges, where you manually create the record, which is compatible with every DNS provider, which lets you edit the records. However this is not available through NPM. Also in practice, since a LetsEncrypt certificate expires after 3 months, it should be renewed every 2 months. So every 2 months you would have to manually add a specific TXT record to your domain for your certificate to continue working. This is why this is not officially recommended by certbot.

That is why NPM only support DNS providers which have an API though which you can set this record, so all this can be done automatically.

<!-- gh-comment-id:853633930 --> @chaptergy commented on GitHub (Jun 3, 2021): It is usually the case that your domain provider is also your DNS provider. Yes and no. Certbot does in theory allow manual DNS challenges, where you manually create the record, which is compatible with every DNS provider, which lets you edit the records. However this is [not available through NPM](https://github.com/jc21/nginx-proxy-manager/issues/813). Also in practice, since a LetsEncrypt certificate expires after 3 months, it should be renewed every 2 months. So every 2 months you would have to manually add a specific TXT record to your domain for your certificate to continue working. This is why this is not officially recommended by certbot. That is why NPM only support DNS providers which have an API though which you can set this record, so all this can be done automatically.
Author
Owner

@jayjupdhig commented on GitHub (Jun 8, 2021):

Thank you very much!! :-)

<!-- gh-comment-id:856668507 --> @jayjupdhig commented on GitHub (Jun 8, 2021): Thank you very much!! :-)
Author
Owner

@kosuodhmwa commented on GitHub (Jun 8, 2021):

OK, thx, will close the issue now...

<!-- gh-comment-id:856753967 --> @kosuodhmwa commented on GitHub (Jun 8, 2021): OK, thx, will close the issue now...
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#938
No description provided.