[GH-ISSUE #1143] How to use it with a generic provider with DNS TXT records? #938

New issue

Closed

opened 2026-02-26 06:35:04 +03:00 by kerem · 6 comments

kerem commented 2026-02-26 06:35:04 +03:00

Owner

Copy link

Originally created by @kosuodhmwa on GitHub (Jun 1, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1143

Hi

How to use Nginx Proxy Manager with round robin DNS A-Record when i want to get a Let's Encrypt certificate? What to select in the DNS Challenge Provider select box? There are 2 generic entries: 1.) Something with rfc and the entry on list bottom called DNS-ACME...

Now:

a.) What to to when i have another provider the the ones they are in that list? Using the rfc method or DNS-ACME...?

AND

b.) Are DNS TXT-Record the correct record type to handle that issue

I can't find a step-by-step guide to realize that - and i also read that this part was removed from the Lets Encrypt documentation: https://serversupportforum.de/threads/lets-encrypt-zertifikat-ausstellen-wenn-dns-round-robin-verwendet-wird.60226/

Thank you very very much for your feedbacks!! :-)

Originally created by @kosuodhmwa on GitHub (Jun 1, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1143 Hi How to use Nginx Proxy Manager with round robin DNS A-Record when i want to get a Let's Encrypt certificate? What to select in the DNS Challenge Provider select box? There are 2 generic entries: 1.) Something with `rfc` and the entry on list bottom called `DNS-ACME`... Now: a.) What to to when i have another provider the the ones they are in that list? Using the `rfc` method or `DNS-ACME`...? AND b.) Are DNS TXT-Record the correct record type to handle that issue I can't find a step-by-step guide to realize that - and i also read that this part was removed from the Lets Encrypt documentation: https://serversupportforum.de/threads/lets-encrypt-zertifikat-ausstellen-wenn-dns-round-robin-verwendet-wird.60226/ Thank you very very much for your feedbacks!! :-)

kerem 2026-02-26 06:35:04 +03:00

• closed this issue
• added the
  product-support
  label

kerem commented 2026-02-26 06:35:05 +03:00

Author

Owner

Copy link

@kosuodhmwa commented on GitHub (Jun 2, 2021):

Is that possible what i want or not?

<!-- gh-comment-id:852814228 --> @kosuodhmwa commented on GitHub (Jun 2, 2021): Is that possible what i want or not?

kerem commented 2026-02-26 06:35:05 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (Jun 2, 2021):

I do not know much about the two generic providers either. Maybe you will find useful information on the documentation of certbot-dns-acmedns and certbot-dns-rfc2136.

But generally DNS challenges is what you need. If you have your domains at a provider, which is not listed, you can visit pypi.org, and search for a package with the name certbot-dns-<privider>. If such a package exists, you can open an issue requesting this package to be listed in the dropdown. If such a package does not exist, I'm afraid you won't be able to use NPM to solve the DNS challenge for you.

<!-- gh-comment-id:853027858 --> @chaptergy commented on GitHub (Jun 2, 2021): I do not know much about the two generic providers either. Maybe you will find useful information on the documentation of [certbot-dns-acmedns](https://pypi.org/project/certbot-dns-acmedns/) and [certbot-dns-rfc2136](https://certbot-dns-rfc2136.readthedocs.io/en/stable/). But generally DNS challenges is what you need. If you have your domains at a provider, which is not listed, you can visit pypi.org, and search for a package with the name `certbot-dns-<privider>`. If such a package exists, you can open an issue requesting this package to be listed in the dropdown. If such a package does not exist, I'm afraid you won't be able to use NPM to solve the DNS challenge for you.

kerem commented 2026-02-26 06:35:05 +03:00

Author

Owner

Copy link

@kosuodhmwa commented on GitHub (Jun 2, 2021):

Hello

Thank you very much for your feedback. It's just a "plain vanilla" DNS provider (the same company where the domains was bought)

Am i wrong when i think it's pissible with EVERY dns provider and (the corrrect) DNS TXT records...?

<!-- gh-comment-id:853035762 --> @kosuodhmwa commented on GitHub (Jun 2, 2021): Hello Thank you very much for your feedback. It's just a "plain vanilla" DNS provider (the same company where the domains was bought) Am i wrong when i think it's pissible with EVERY dns provider and (the corrrect) DNS TXT records...?

kerem commented 2026-02-26 06:35:05 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (Jun 3, 2021):

It is usually the case that your domain provider is also your DNS provider.

Yes and no. Certbot does in theory allow manual DNS challenges, where you manually create the record, which is compatible with every DNS provider, which lets you edit the records. However this is not available through NPM. Also in practice, since a LetsEncrypt certificate expires after 3 months, it should be renewed every 2 months. So every 2 months you would have to manually add a specific TXT record to your domain for your certificate to continue working. This is why this is not officially recommended by certbot.

That is why NPM only support DNS providers which have an API though which you can set this record, so all this can be done automatically.

<!-- gh-comment-id:853633930 --> @chaptergy commented on GitHub (Jun 3, 2021): It is usually the case that your domain provider is also your DNS provider. Yes and no. Certbot does in theory allow manual DNS challenges, where you manually create the record, which is compatible with every DNS provider, which lets you edit the records. However this is [not available through NPM](https://github.com/jc21/nginx-proxy-manager/issues/813). Also in practice, since a LetsEncrypt certificate expires after 3 months, it should be renewed every 2 months. So every 2 months you would have to manually add a specific TXT record to your domain for your certificate to continue working. This is why this is not officially recommended by certbot. That is why NPM only support DNS providers which have an API though which you can set this record, so all this can be done automatically.

kerem commented 2026-02-26 06:35:05 +03:00

Author

Owner

Copy link

@jayjupdhig commented on GitHub (Jun 8, 2021):

Thank you very much!! :-)

<!-- gh-comment-id:856668507 --> @jayjupdhig commented on GitHub (Jun 8, 2021): Thank you very much!! :-)

kerem commented 2026-02-26 06:35:05 +03:00

Author

Owner

Copy link

@kosuodhmwa commented on GitHub (Jun 8, 2021):

OK, thx, will close the issue now...

<!-- gh-comment-id:856753967 --> @kosuodhmwa commented on GitHub (Jun 8, 2021): OK, thx, will close the issue now...

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#938

No description provided.