How to best use linode DNS API with Let's Encrypt
Linode seems to be REALLY slow at publishing DNS record changes created by the API.
It can be so slow you think it isn't working. I see the record immediately in the web view after I use the API to create the _acme-challenge record, but I might still get an NXDOMAIN response from dig for several minutes. The default timeout on proxmox is 30 seconds. Last time I configured it, I had to up the timeout to 2 minutes, but recently, that wasn't good enough either and I had to push it to 3.
Is there a recommended sleep value to wait for the TXT records to propagate after an API change? I feel like my timeouts have just been randomly working because I tried around the time that maybe a propagation event occurs. A forum post from let's encrypt suggests that linode only updates records on the quarter hour. The post is from 2018, so maybe that's dated; is it REALLY that slow?
https://forum.proxmox.com/threads/problems-with-linode_v4-and-acme-dns-plugin.118532/
https://community.letsencrypt.org/t/no-txt-record-found-using-linode-dns-plugin/76403/2
1 Reply
I recall reading a post from Linode saying they had fixed their slow DNS propagation, but I can't find it now.
I too still experienced sporadic failures with Let's Encrypt updating my certificates and slowly increased the dns_linode_propagation_seconds until the problem went away. I ended up with a value of 1500.