Solving the DNS-01 challenge using CLI prompt.


To start using the CLI prompt “provider”, start lego with --dns manual:

$ lego --email "" --domains="" --dns "manual" run

What follows are a few log print-outs, interspersed with some prompts, asking for you to do perform some actions:

No key found for account Generating a P256 key.
Saved key to ./.lego/accounts/
Please review the TOS at
Do you accept the TOS? Y/n

If you accept the linked Terms of Service, hit Enter.

[INFO] acme: Registering account for
!!!! HEADS UP !!!!

    Your account credentials have been saved in your Let's Encrypt
    configuration directory at "./.lego/accounts".

    You should make a secure backup of this folder now. This
    configuration directory will also contain certificates and
    private keys obtained from Let's Encrypt so making regular
    backups of this folder is ideal.
[INFO] [] acme: Obtaining bundled SAN certificate
[INFO] [] AuthURL:
[INFO] [] acme: Could not find solver for: tls-alpn-01
[INFO] [] acme: Could not find solver for: http-01
[INFO] [] acme: use dns-01 solver
[INFO] [] acme: Preparing to solve DNS-01
lego: Please create the following TXT record in your zone: 120 IN TXT "hX0dPkG6Gfs9hUvBAchQclkyyoEKbShbpvJ9mY5q2JQ"
lego: Press 'Enter' when you are done

Do as instructed, and create the TXT records, and hit Enter.

[INFO] [] acme: Trying to solve DNS-01
[INFO] [] acme: Checking DNS record propagation using []
[INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
[INFO] [] acme: Waiting for DNS record propagation.
[INFO] [] The server validated our request
[INFO] [] acme: Cleaning DNS-01 challenge
lego: You can now remove this TXT record from your zone: 120 IN TXT "hX0dPkG6Gfs9hUvBAchQclkyyoEKbShbpvJ9mY5q2JQ"
[INFO] [] acme: Validations succeeded; requesting certificates
[INFO] [] Server responded with a certificate.

As mentioned, you can now remove the TXT record again.