Unable to set NS record to default value, ACME DNS challenge fails as a result

Hi, thank you for providing this awesome service!

I have a subdomain under dedyn.io and it points to my home server running Caddy. I use Let’s Encrypt with the ACME DNS challenge to get a wildcard TLS certificate.

Every couple of months, when Caddy tried to refresh the certs, it failed with:

{"level":"error","ts":1744311904.4697077,"logger":"tls.renew","msg":"could not get certificate from issuer" ,"identifier":"*.redacted.dedyn.io","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.redacted.dedyn.io] solving challenges: waiting for solver certmagic.solverWrapper to be ready: checking DNS propagation of \"_acme-challenge.redacted.dedyn.io.\" (relative=_acme-challenge zone=redacted.dedyn.io. resolvers=[127.0.0.11:53]): looking up authoritative nameservers: could not determine authoritative nameservers (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/[redacted]) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}

I used to be able to fix this by going to the web control panel and manually setting the NS record to ns1.desec.io and ns2.desec.org, which are the default values which are there when you create a new subdomain under dedyn.io. I have no idea why they disappear after some time.

Now I’m unable to refresh my certs because I can’t set the NS record to its default value. I understand that the ability to set NS records to arbitrary values was recently disabled due to abuse, but I don’t think that this counts as abuse - could you at least add an option to have the NS record immutably set to the default value so that it doesn’t disappear? Alternatively, could you suggest some workaround which would let me refresh my certs?

Thanks!

Hi there,

Thanks for your message and welcome to deSEC!

NS records shouldn’t disappear after some time. Please send your domain name to support@desec.io so that they can look into it.

Thanks,
Nils
