How to add a TXT record to configure Let's Encrypt certificate

While creating the Let’s Encrypt certificate over DNS challenge method, you have to add a specific TXT record to your DNS zone to ensure the certificate validation. If your zone is hosted in Edge DNS, follow the steps described next.

Let’s Encrypt certificates cross-signed by IdenTrust expired on September 30th, 2024. Devices and applications using the Let’s Encrypt certificate that uses IdenTrust will become invalid. This could impact the functionality of devices and applications utilizing these certificates, mainly users of older Android devices (pre-7.1). It’ll be necessary to take the following actions:

For users of Let’s Encrypt Certificates with IdenTrust: you must migrate to the new Let’s Encrypt signing technology or an Azion edge certificate.
For users of other types of Let’s Encrypt: no immediate action is necessary, considering other certificates remain unaffected with this update, since the problem is caused by outdated certificate chains on the device.
For user with applications using Let’s Encrypt in Azion: no action needed. Certificates are automatically updated, although an affected device must have its CAs updated as well.

Follow the general steps described in the How to add records guide.
In Name, provide the new record’s name required by the Let’s Encrypt certification request, such as the Certbot tool, in a string format. Limited to 100 characters. Example: _acme-challenge.<YOUR_DOMAIN>.
In the Record Type dropdown menu, select TXT.
In Value, input the value for the ACME challenge provided by the Let’s Encrypt provider. Example: ekgH9kW242Vbt99P27agtr07I09iLsiZZx.
In TTL (seconds), choose the time, in seconds, a response can be cached for on a resolver server. Maximum value: 2147483647.
Click the Save button.

Run the following GET request in your terminal, replacing [TOKEN VALUE] with your personal token to retrieve your <hosted_zone_id>:

curl --request GET --url https://api.azion.com/v4/edge_dns/zones --header 'Accept: application/json' --header 'Authorization: Token [TOKEN VALUE]'

You’ll receive a response with all your existing zones. Copy the value of the <id> that you want to use.
Run the following POST request, replacing [TOKEN VALUE] with your personal token and the <zone_id> value you copied:

curl --request POST --url https://api.azion.com/v4/edge_dns/zones/<zone_id>/records --header 'Accept: application/json' --header 'Authorization: Token [TOKEN VALUE]' --header 'Content-Type: application/json' --data '{
  "type": "TXT",
  "name": "_acme-challenge",
  "rdata": ["ekgH9kW242Vbt99P27agtr07I09iLsiZZx"]
}'

You’ll receive a response similar to this:

{
"results": {
  "answers_list": [
    "ekgH9kW242Vbt99P27agtr07I09iLsiZZx"
  ],
  "zone_id": 1234,
  "record_type": "TXT",
  "ttl": 20,
  "policy": "simple",
  "entry": "_acme-challenge.<YOUR_DOMAIN>",
  "id": 56506,
  "description": ""
},
"schema_version": 3
}

Wait a few minutes for the changes to propagate and your records will be created in the hosted zone you chose.