DNS-01 Challenge

The ACME DNS-01 Challenge

The DNS-01 challenge is used by ACME certificate authorities such as Let’s Encrypt so that users can prove they control the DNS of the domain name they are requesting a certificate for.

It does that by asking the user to put a specific value in a TXT record under that domain name. The ACME client gets a token from the server, creates a TXT record value derived from that token, and places it at _acme-challenge.<Domain Name>. The ACME server then queries DNS for that record.

Read more about the DNS-01 challenge here.