v3.0.1: default propagation 20s -> 60s for edge-replica convergence

20s was too tight: yeil serves DNS from edge replicas fed by a
replication log, so a freshly-written _acme-challenge TXT takes a bit to
appear on every authoritative nameserver. Let's Encrypt's secondary
(multi-perspective) validation hit a not-yet-converged replica and saw a
stale value -> 'incorrect TXT record found'. 60s lets all replicas catch
up (matches what already works in practice for wildcard certs).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
eskimo
2026-06-22 02:14:48 -04:00
parent e6d9e17d1e
commit 3d606b20bc
2 changed files with 7 additions and 2 deletions

@@ -39,8 +39,13 @@ class Authenticator(dns_common.DNSAuthenticator):
@classmethod
def add_parser_arguments(cls, add):
# yeil serves DNS from edge replicas fed by a replication log, so a
# freshly-written TXT takes a little time to appear on every
# authoritative nameserver. 20s was too tight and tripped Let's
# Encrypt's secondary (multi-perspective) validation against a
# not-yet-converged replica; 60s gives all replicas time to catch up.
super(Authenticator, cls).add_parser_arguments(
add, default_propagation_seconds=20
add, default_propagation_seconds=60
)
add("credentials", help="Path to your yeil credentials INI file.")
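Review bot: the new default in add_parser_arguments is still a fixed sleep, so default_propagation_seconds=60 only helps while replica lag stays under 60s, and neither the comment nor the commit message gives a bound for that lag beyond it having worked in practice for wildcard certs. Consider having the authenticator confirm the _acme-challenge TXT value on every authoritative nameserver before the challenge step returns, with the propagation delay as a floor, or at least state the expected worst-case replication lag in the comment. The "20s was too tight" history belongs in the commit message; the code comment can keep just the constraint (edge replicas converge asynchronously, and multi-perspective validation may query any of them).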

@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
setup(
name="certbot-dns-yeil",
version="3.0.0",
version="3.0.1",
description="yeil DNS Authenticator plugin for Certbot",
url="https://git.eskimo.dev/Yeil/certbot-dns-yeil",
author="yeil",
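Review bot: version goes to 3.0.1 as a patch release, but the change raises the default wait on every issuance from 20s to 60s and only two files are touched, so nothing user-facing records it. Add a changelog or README line stating the new default and that it is only a default, so deployments that need a different propagation delay know they can still set one.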