I'm trying to debug my DNS setup for the letsencrypt challenge.
I understand that BIND9 may not be receiving the requests, although it was earlier in the day. The .jnl does not get created, unfortunately.
What I'd like to know is how can I send a request from a remote computer to eventually see what fails on the other end. What does letsencrypt do to send us a TXT field update? What command line command(s) can I run?
That would be an equivalent to the nsupdate command, but from a remote computer.
Use Let's Encrypt staging environment with your ACME client of choice.
Test with staging first, to not get rate limited from production.
Note that it is not Let's Encrypt sending you DNS update requests, but the API tells you what they should be set to. Various clients have hooks to automate DNS. Read your favorite hooks and the nsupdate man page to get an idea of how they delete and add the TXT records, and if the DNS server is configurable.
nsupdate works from a remote computer.
Simply run
nsupdate -k keyfile
and issue the command
server example.com
when nsupdate has started to tell it which server to send updates to.
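The remote nsupdate session the answers describe, scripted as an added example that is not part of the original posts: it builds the delete/add batch for the ACME challenge TXT record, sends it with a TSIG key, and queries the server afterwards. The server name, zone, key path and token are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Placeholders: ns1.example.com, example.com, the key file path, the token.

# Print the nsupdate commands that replace the challenge TXT record.
# Arguments: server zone fqdn token [ttl]
build_acme_update() {
    server=$1 zone=$2 fqdn=$3 token=$4 ttl=${5:-60}
    # The dns-01 value is base64url text; refuse anything else so a stray
    # quote or newline cannot alter the batch sent to the server.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "invalid token" >&2; return 1 ;;
    esac
    printf 'server %s\n' "$server"
    printf 'zone %s\n' "$zone"
    printf 'update delete %s TXT\n' "$fqdn"
    printf 'update add %s %s TXT "%s"\n' "$fqdn" "$ttl" "$token"
    printf 'show\nsend\n'
}

# Send the batch from the remote machine and read the record back.
# Arguments: keyfile server zone fqdn token [ttl]
push_acme_update() {
    keyfile=$1; shift
    # -d prints the request and the server's reply, which is where a
    # rejected update shows up; -k supplies the TSIG key.
    build_acme_update "$@" | nsupdate -d -k "$keyfile" || return 1
    # Ask the same server directly, bypassing resolver caches.
    dig +short @"$1" "$3" TXT
}

# Usage (placeholder values):
#   push_acme_update ./tsig.key ns1.example.com example.com \
#       _acme-challenge.example.com "$TOKEN"
```

Running `build_acme_update` on its own shows exactly what would be sent without touching the server.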