Why are there "acme-challenge" DNS records on my domain?

When setting up the DNS records on your domain, you may come across a couple of TXT records that you didn't add yourself:

These records are applied to your domain automatically when Porkbun's free SSL certificate is generated. They are used by Certificate Authorities (Let's Encrypt, in this case) to verify that the SSL certificate for your domain is valid and up to date. Here's a quick overview from Let's Encrypt's website:

"This challenge asks you to prove that you control the DNS for your domain name by putting a specific value in a TXT record under that domain name."

Having these records applied to your domain also makes it so the "wildcard" portion of your SSL certificate functions properly. This means that any subdomains you create on your domain (such as example.goosehollow.design) are also covered by our free SSL certificate automatically.

Note

If you have our free SSL certificate applied to your domain but your website still doesn't load with a secure connection, there are a few reasons that could happen. Check out our guide on how your free SSL certificate works for more information.

If you're already using an SSL certificate from another provider such as your web host, you can safely delete the "acme-challenge" records from your domain, but there's also no harm in leaving them alone. The world is your oyster!

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.