Why am I seeing "_acme-challenge.domain.com" in my domains and DNS records?

Opalstack's automated provisioning and management of free Let's Encrypt SSL certificates sometimes uses a DNS challenge to prove that we are managing the DNS for your domain.

There are two components to that challenge:

  • A subdomain
  • A DNS TXT record attached to that subdomain

Since Let's Encrypt is an implementation of the ACME protocol, the subdomain used for the challenge begins with _acme-challenge.