diff --git a/challenge/dns01/precheck.go b/challenge/dns01/precheck.go index 0329b242..0c3364e6 100644 --- a/challenge/dns01/precheck.go +++ b/challenge/dns01/precheck.go @@ -44,10 +44,15 @@ func RecursiveNSsPropagationRequirement() ChallengeOption { } } -func PropagationWaitOnly(wait time.Duration) ChallengeOption { +func PropagationWait(wait time.Duration, skipCheck bool) ChallengeOption { return WrapPreCheck(func(domain, fqdn, value string, check PreCheckFunc) (bool, error) { time.Sleep(wait) - return true, nil + + if skipCheck { + return true, nil + } + + return check(fqdn, value) }) } diff --git a/cmd/setup_challenges.go b/cmd/setup_challenges.go index 6391ba07..2ec38198 100644 --- a/cmd/setup_challenges.go +++ b/cmd/setup_challenges.go @@ -143,7 +143,9 @@ func setupDNS(ctx *cli.Context, client *lego.Client) error { dns01.DisableAuthoritativeNssPropagationRequirement()), dns01.CondOption(ctx.Duration(flgDNSPropagationWait) > 0, - dns01.PropagationWaitOnly(wait)), + // TODO(ldez): inside the next major version we will use flgDNSDisableCP here. + // This will change the meaning of this flag to really disable all propagation checks. + dns01.PropagationWait(wait, true)), dns01.CondOption(ctx.Bool(flgDNSPropagationRNS), dns01.RecursiveNSsPropagationRequirement()),