Hello Mark,
I suppose you are using the DNS-01 challenge type since you are trying to get a wildcard certificate?
The ARDC DNS does not propagate in real time (it typically takes about an hour), so that exceeds Let's Encrypt's timeout. What I usually do is to make the _acme-challenge.YOUR_DOMAIN a CNAME record to a domain under a different nameserver (Cloudflare and HE.net offer free DNS that basically propagates in real time), like _acme-challenge.ampr-dns01-alias.MY_OTHER_DOMAIN. After this, there should be an option in your ACME client to choose an
Alternatively, you can also delegate the entire ni2o.ampr.org to an external nameserver.
Let me know if you have any problems!
Best, Maiyun Zhang AK6DS
On Oct 30, 2025, at 08:09, Mark Phillips via 44net 44net@mailman.ampr.org wrote:
Hi Folks,
I'm having some trouble trying to get LetsEncrypt SSL certificates authorised for use on my WWW devices. The issue seems to be that I do not have control of the TLD and so I can never authorise the issuing of the certificate.
I've tried *.ni2o.ampr.org (generic catch all), fqdn.ni2o.ampr.org (device specific) and many other variations but they all fail at the authorizing of the cert.
What am I doing wrong? I'm using LetsEncrypt (free not-for-profit) SSL certificates successfully in other areas but I do control the domain for those.
Thanks for your help
Mark / G7LTT
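Added example, not part of the original thread or of any ACME client: a sketch of the CNAME setup described in the reply, showing which name a DNS-01 validator ends up querying for a wildcard versus a single host, and whether the expected TXT value is there. The alias zone `my-other-domain.example`, the key authorization and the record table are constructed placeholders; the TXT value rule is the one in RFC 8555 section 8.4.

```python
import base64
import hashlib

def challenge_name(identifier):
    """DNS-01 record name; a wildcard is validated at its base domain."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower()

def txt_value(key_authorization):
    """TXT content per RFC 8555 8.4: base64url(SHA-256(keyAuth)), unpadded."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def resolve_txt(name, records, max_hops=8):
    """Follow CNAMEs the way a validating resolver does; return (owner, TXTs)."""
    seen = set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        target = records.get((name, "CNAME"))
        if not target:
            return name, records.get((name, "TXT"), [])
        name = target[0].rstrip(".").lower()
    raise ValueError("CNAME chain longer than %d hops" % max_hops)

def check(identifier, key_authorization, records):
    """Return (name that must hold the TXT record, whether it is present)."""
    owner, txts = resolve_txt(challenge_name(identifier), records)
    return owner, txt_value(key_authorization) in txts

# Constructed sample data: placeholder key authorization and alias zone.
KEY_AUTH = "constructed-token.constructed-account-thumbprint"
ALIAS = "_acme-challenge.ampr-dns01-alias.my-other-domain.example"
RECORDS = {
    # Static record in the slow zone, created once.
    ("_acme-challenge.ni2o.ampr.org", "CNAME"): [ALIAS + "."],
    # Per-issuance record in the fast zone.
    (ALIAS, "TXT"): [txt_value(KEY_AUTH)],
}

if __name__ == "__main__":
    for ident in ("*.ni2o.ampr.org", "fqdn.ni2o.ampr.org"):
        print(ident, check(ident, KEY_AUTH, RECORDS))
```

The single CNAME at `_acme-challenge.ni2o.ampr.org` covers `*.ni2o.ampr.org` and `ni2o.ampr.org` only; a certificate for `fqdn.ni2o.ampr.org` is validated at `_acme-challenge.fqdn.ni2o.ampr.org` and needs its own CNAME.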