Skip to content

Commit

Permalink
Add more details about authoratitive checks
Browse files Browse the repository at this point in the history
  • Loading branch information
@vancluever
vancluever committed Feb 11, 2023
1 parent c83a2e5 commit 670082f
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions docs/resources/certificate.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -268,6 +268,12 @@ There are two parts to the DNS propagation check:
`recursive_nameservers`.
* A check against your domain's authoritative DNS servers.

-> The authoritative part of the DNS propagation check will almost always
require access to the outside internet. Make sure you allow the required access
accordingly, particularly in restricted networks. You can also use the
`disable_complete_propagation` setting to bypass this check altogether (see
below).

The ACME provider will normally use your system-configured DNS resolvers to
check for propagation of the TXT records before proceeding with the certificate
request. In split horizon scenarios, this check may never succeed, as the
Expand Down

0 comments on commit 670082f

Please sign in to comment.