From 21c94141baded0237c01455ab3ff67e04c0719e9 Mon Sep 17 00:00:00 2001 From: Konovalov Nikolay Date: Mon, 29 Oct 2018 16:58:03 +0300 Subject: [PATCH] Update docs/configuration/acme.md --- docs/configuration/acme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/acme.md b/docs/configuration/acme.md index 2ecb97470..1aaa51d05 100644 --- a/docs/configuration/acme.md +++ b/docs/configuration/acme.md @@ -370,7 +370,7 @@ It is not possible to request a double wildcard certificate for a domain (for ex Due to ACME limitation it is not possible to define wildcards in SANs (alternative domains). Thus, the wildcard domain has to be defined as a main domain. Most likely the root domain should receive a certificate too, so it needs to be specified as SAN and 2 `DNS-01` challenges are executed. In this case the generated DNS TXT record for both domains is the same. -Eventhough this behaviour is [DNS RFC](https://community.letsencrypt.org/t/wildcard-issuance-two-txt-records-for-the-same-name/54528/2) compliant, it can lead to problems as all DNS providers keep DNS records cached for a certain time (TTL) and this TTL can be superior to the challenge timeout making the `DNS-01` challenge fail. +Even though this behaviour is [DNS RFC](https://community.letsencrypt.org/t/wildcard-issuance-two-txt-records-for-the-same-name/54528/2) compliant, it can lead to problems as all DNS providers keep DNS records cached for a certain time (TTL) and this TTL can be superior to the challenge timeout making the `DNS-01` challenge fail. The Traefik ACME client library [LEGO](https://github.com/xenolf/lego) supports some but not all DNS providers to work around this issue. The [`provider` table](/configuration/acme/#provider) indicates if they allow generating certificates for a wildcard domain and its root domain.
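Review bot: On the changed `+` line, the link text `[DNS RFC]` points at a community.letsencrypt.org forum thread rather than at an RFC, so while this sentence is being touched the link should either target the RFC itself or be reworded to say that the linked thread explains why the behaviour is compliant. In the same sentence, "this TTL can be superior to the challenge timeout" reads more naturally as "this TTL can exceed the challenge timeout", and "all DNS providers" is broader than the sentence needs; "DNS providers may keep records cached" would be enough. The unchanged context line just above says the generated DNS TXT record for both domains "is the same", while the linked thread's title speaks of two TXT records for the same name, so "has the same name" would be more precise and would make the caching problem easier to follow. The subject line "Update docs/configuration/acme.md" does not say what changed; something like "Fix typo in ACME wildcard section" would serve the history better.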