ok #asknostr - anyone who has set up paid SSL certs
how long does the CNAME based domain confirmation typically take? it's like the old days right? 1-2 days?
centralised DNS shit sucks such ass it's painful to watch
Discussion
It definitely shouldn't take that long. Maybe an hour or two tops.
ok, i guess if it isn't working in a few hours probably i made a bogus CSR... i'm using namecheap... any pointers to some good clear instructions most appreciated
this is what decodes out of my CSR, any clangers i might be missing?
this page says it's not found
https://mxtoolbox.com/supertool3?action=cname%3amleku.dev&run=toolpage
the CNAME record is obviously in my advanced DNS settings on namecheap
i remember when setting up that email address there it took a large part of a day to actually happen, so i'm just gonna put it to the side
annoyed though, having trouble getting a wildcard subdomain certificate to work on my LE proxy but oh well
https://mxtoolbox.com/emailhealth/mleku.dev/
this also mentions some stuff
i'm just unsure of what's going on, that page seems to suggest the problem is that i don't have a server answering some request on that domain, it's also saying some stuff about SOA errors, idk wtf that even is
as far as i can tell from namecheap's interface, i just generate a valid CSR and matching private key, then submit the CSR (done) and put a CNAME record that validates it
so, as far as i can tell, what is going on at this point is comodo's not seeing the CNAME record so they aren't sending me the cert in my listed email
such an obfuscated, confusing process, and zero feedback about what's going on except "pending" pending what? human fucking pressing button "go"?
yeah... now the information page has changed from "pending" to "in progress" so it is probably humans need to press buttons and it's sunday so the latency of response is high
i'll just finish adding this tlsconfig handler to add certs
I renewed one last week via Namecheap and it took maybe 20 minutes.
so, that's with using DNS validation? this is for a wildcard btw... they didn't have the option of validation from a server and the options were a long list of servers that i would never use lol... i generated the CSR using the nodejs openssl package