Step 2 DNS verification — TXT record setup (and why "nothing happens")
The DNS method proves domain ownership with a TXT record instead of a file upload.
Setting the record correctly:
- In your DNS provider (Cloudflare, GoDaddy, Namecheap, your host's panel), add a TXT record.
- Name/Host:
_acme-challengeif your site is on the root domain (yoursite.com). If your site is on a subdomain (blog.yoursite.com), the host must be_acme-challenge.blog— this is the single most common DNS-method mistake. - Value: paste the long code shown in the plugin, exactly, with no quotes added.
- TTL: 300 (5 minutes) or the lowest available.
- Wait 5–15 minutes for propagation. Check it worked at
https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.yourdomain.com— when the value appears there, click Scan DNS Record in the plugin.
Important quirks to know:
- If the scan fails, the button locks for 5 minutes before you can retry — this is a rate-limit protection, not a crash. Use the wait to confirm the record with the dig tool above.
- Renewals generate a new value each time — update the existing TXT record, don't stack multiple
_acme-challengerecords (some providers return them all, which can confuse validation; delete old ones). - Cloudflare users: the TXT record must be DNS only (grey cloud), though TXT records aren't proxied anyway.
- If the DNS tab shows an empty table with no record value at all, the Let's Encrypt order failed to create — go back to Step 1, click through again, and re-open Step 2. If it persists, contact support; that's a bug we track.