Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed

Setting TXT records via AWS CLI for ACME DNS-01 challenges

Daniel Nashed – 13 May 2021 06:57:00

Most of the Domino V12 CertMgr integrations for DNS-01 challenges I have built so far leverage REST API interfaces.

This isn't an option for AWS DNS. But we finally found a straightforward way using the AWS CLI.

All the AWS Route 53 implementations I saw for other ACME implementations looked pretty complicated.

We just authorized the machine to modify the DNS subdomain. Requests look like what you see below. You can just specify a JSON file.

In my final script I just pass the zone ID and replace the variables I added in place of the sample values below.

This might also be useful for others integrating with AWS for TXT record updates -- or even other DNS automation.

You will find the full integration script later in the planned HCL open source GitHub repo for Domino V12 CertMgr along with more DNS-01 API integration configurations.

If you need this for CertMgr today, just ping me.

-- Daniel


Example command and JSON file:

aws route53 change-resource-record-sets --hosted-zone-id Z012345671ABCD123L42 --change-batch file://<path-to-JSON-file>

The inner quotes in the value are important. AWS expects an inner quoted string for TXT records.




{
  "Changes": [
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "",
        "Type": "TXT",
        "TTL": 30,
        "ResourceRecords": [
          {
            "Value": "\"duakBxodnTeocISUOQr1vnQfQ09Axv0Sihk0GrHSevI\""
          }
        ]
      }
    }
  ]
}
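
An added example, not the author's CertMgr integration script: POSIX shell functions that fill the change batch from variables, reject a record name or token that could alter the JSON, and submit it with the command shown above. The function names, the `_acme-challenge.` name check and the 43-character token check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the author's script). Function names are hypothetical.

# make_change_batch ACTION FQDN TOKEN -> JSON on stdout, non-zero on bad input
make_change_batch() {
    action=$1 fqdn=$2 token=$3

    case $action in
        CREATE|UPSERT|DELETE) ;;
        *) echo "bad action: $action" >&2; return 1 ;;
    esac

    # Assumption: a DNS-01 TXT value is a base64url SHA-256 digest,
    # i.e. exactly 43 characters from [A-Za-z0-9_-]
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "bad token" >&2; return 1 ;;
    esac
    [ "${#token}" -eq 43 ] || { echo "bad token length" >&2; return 1; }

    # Assumption: only the ACME challenge label of a plain host name is accepted
    case $fqdn in
        _acme-challenge.*) ;;
        *) echo "name must start with _acme-challenge." >&2; return 1 ;;
    esac
    case $fqdn in
        *[!A-Za-z0-9._-]*) echo "bad name" >&2; return 1 ;;
    esac

    # The TXT value carries the inner escaped quotes the post points out
    printf '{"Changes":[{"Action":"%s","ResourceRecordSet":{"Name":"%s","Type":"TXT","TTL":30,"ResourceRecords":[{"Value":"\\"%s\\""}]}}]}\n' \
        "$action" "$fqdn" "$token"
}

# set_txt ZONE_ID ACTION FQDN TOKEN: write the batch to a temp file and submit it
set_txt() {
    batch=$(mktemp) || return 1
    rc=0
    make_change_batch "$2" "$3" "$4" > "$batch" &&
        aws route53 change-resource-record-sets --hosted-zone-id "$1" \
            --change-batch "file://$batch" || rc=$?
    rm -f "$batch"
    return "$rc"
}
```

Validating before substitution means a malformed token or name fails locally instead of producing a change batch with extra keys or records.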






