| 26 Dec 2021 |
hexa | I use rfc2316 with my own authoritative server and by default lego waits a minute between each SAN | 22:42:48 |
hexa | if I reduce that time to ~10s it fails sometimes | 22:43:06 |
hexa | which is worrying | 22:43:13 |
hexa | like … why wouldn't 10 seconds work for a dynamic dns update 😕 | 22:43:22 |
Winter (she/her) | In reply to @aanderse:nixos.dev: "Winter: yes i like my dns provider because they have an awesome feature set and are a good price i do not like how it takes 30 minutes for my wildcard to renew 😑" what DNS provider if I may ask? | 22:55:50 |
aanderse | namesilo | 23:03:50 |
moritz.hedtke | In reply to @hexa:lossy.network: "like … why wouldn't 10 seconds work for a dynamic dns update 😕" I could imagine because of the issues documented in https://letsencrypt.org/2020/02/19/multi-perspective-validation.html | 23:58:53 |
moritz.hedtke | If I understood correctly what you mean | 23:59:04 |
| 27 Dec 2021 |
moritz.hedtke | when I think about it the reasoning doesn't make sense in that case | 00:00:05 |
moritz.hedtke | TTL? | 00:00:19 |
hexa | moritz.hedtke: the record doesn't exist before the validation try | 00:02:41 |
hexa | so negcache at worst | 00:02:57 |
hexa | but letsencrypt probably won't do caching here | 00:03:04 |
moritz.hedtke | And you think the record is there before e.g. letsencrypt starts querying? I'm not too familiar with acme using dns | 00:05:55 |