20s was too tight: yeil serves DNS from edge replicas fed by a replication log, so a freshly-written _acme-challenge TXT takes a bit to appear on every authoritative nameserver. Let's Encrypt's secondary (multi-perspective) validation hit a not-yet-converged replica and saw a stale value -> 'incorrect TXT record found'. 60s lets all replicas catch up (matches what already works in practice for wildcard certs).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
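The replica lag described in the commit message above can also be checked directly by polling each authoritative nameserver until all of them serve the new TXT value. The following is an added example, not code from this commit or project. The nameserver names, lag figures and token values are constructed, and `query` is a hypothetical caller-supplied function that asks one nameserver for the `_acme-challenge` TXT values.

```python
import time
from typing import Callable, Dict, List, Set

# Constructed sample data: seconds until each replica serves the new record.
REPLICA_LAG: Dict[str, float] = {
    "ns1.example.net": 2.0, "ns2.example.net": 18.0, "ns3.example.net": 41.0}
OLD, NEW = "stale-token", "fresh-token"  # constructed TXT values

class FakeClock:
    """Simulated time so the example runs offline and instantly."""
    def __init__(self) -> None:
        self.now = 0.0
    def time(self) -> float:
        return self.now
    def sleep(self, seconds: float) -> None:
        self.now += seconds

def simulated_query(clock: FakeClock, lags: Dict[str, float]) -> Callable[[str], Set[str]]:
    """Stand-in for a direct TXT query to one authoritative nameserver."""
    return lambda ns: {NEW} if clock.time() >= lags[ns] else {OLD}

def stale_replicas(nameservers: List[str], query: Callable[[str], Set[str]],
                   expected: str) -> List[str]:
    """Nameservers that do not yet serve the expected TXT value."""
    # Set membership: several TXT values may coexist at the same name.
    return [ns for ns in nameservers if expected not in query(ns)]

def wait_for_convergence(nameservers: List[str], query: Callable[[str], Set[str]],
                         expected: str, timeout: float = 120.0,
                         interval: float = 5.0, stable_polls: int = 2,
                         clock: Callable[[], float] = time.monotonic,
                         sleep: Callable[[float], None] = time.sleep) -> float:
    """Poll until every nameserver serves `expected` for `stable_polls`
    consecutive rounds; return elapsed seconds or raise TimeoutError."""
    start, streak = clock(), 0
    while True:
        elapsed = clock() - start
        stale = stale_replicas(nameservers, query, expected)
        streak = 0 if stale else streak + 1
        if streak >= stable_polls:
            return elapsed
        if elapsed + interval > timeout:
            raise TimeoutError(f"still stale after {elapsed:.0f}s: {stale}")
        sleep(interval)
```

With the constructed lags, one replica is still stale at 20s and none are at 60s, which mirrors the failure and the fix the commit describes.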