Yes, it cannot currently be done with external DNS since DA cannot control it.
There are some 3rd party modules we're looking into, where DA could then control the external DNS system (assuming it's a larger DNS provider that's included in the module).
John
Sorry for asking, do we still have a workaround for external DNS for now?
Every time I create a domain, I have to modify the external DNS at Linode. I think that the TXT verification for _acme-challenge needs to finish propagating before it can request a wildcard from Let's Encrypt, but the request is too short for it to propagate, and I always get the failed message.
Or is there a way to modify the script to request the wildcard certs after a few hours, so that internal and external DNS have propagated successfully before making the request?
Error:
Found wildcard domain name and http-01 challenge type, switching to dns-01 validation.
Requesting new certificate order...
Processing authorization for example.com...
DNS challenge test fail for _acme-challenge.example.com IN TXT "pcSWVVLV0li-G0wwgkPorz5l5sKJtmvZ1234WAUZatvZQ", retrying...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
DNS validation failed. Exiting...
It won't be a problem if the TXT verification is not autogenerated for the next request.
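A propagation check of the kind asked about above, as an added example that is not part of the thread and not DirectAdmin code: it asks each authoritative nameserver directly until all of them serve the expected `_acme-challenge` TXT value. It assumes `dig` is installed and that you supply the record name, the expected value and the nameserver list yourself; the function names are hypothetical.

```python
import shlex
import subprocess
import sys
import time


def dig_txt(name, nameserver):
    """Query one nameserver directly for TXT records of `name` (requires `dig`)."""
    out = subprocess.run(
        ["dig", "+short", "TXT", name, "@" + nameserver],
        capture_output=True, text=True, timeout=10,
    ).stdout
    records = set()
    for line in out.splitlines():
        if line.strip():
            # dig prints a record as one or more quoted strings; unquote and join.
            records.add("".join(shlex.split(line)))
    return records


def wait_for_txt(name, expected, nameservers, query=dig_txt,
                 interval=15, timeout=3600, sleep=time.sleep, clock=time.monotonic):
    """Poll until every nameserver serves `expected`.

    Returns [] once all agree, or the list of lagging nameservers on timeout.
    Asking the authoritative servers directly avoids stale answers cached
    by a recursive resolver.
    """
    deadline = clock() + timeout
    while True:
        missing = [ns for ns in nameservers if expected not in query(name, ns)]
        if not missing:
            return []
        if clock() >= deadline:
            return missing
        sleep(interval)


if __name__ == "__main__":
    # Usage: script.py _acme-challenge.example.com <expected-value> <ns> [<ns> ...]
    lagging = wait_for_txt(sys.argv[1], sys.argv[2], sys.argv[3:])
    if lagging:
        print("TXT value not yet served by:", ", ".join(lagging))
    sys.exit(1 if lagging else 0)
```

The exit status is 0 only when every listed nameserver returns the value, so the script can gate a later step by hand or from cron.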