Allow to configure wait_for_txt's timeout and server. (#80)

changelogs/fragments/80-wait_for_txt-timeout-servers.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - "acme_certificate role - allow to configure the timeout and the DNS servers to use for validating DNS entry propagation for ``dns-01`` challenges (https://github.com/felixfontein/ansible-acme/issues/79, https://github.com/felixfontein/ansible-acme/pull/80)."

roles/acme_certificate/meta/argument_specs.yml

@@ -377,6 +377,22 @@ argument_specs:
           - Whether to try to validate the generated certificate chain or not.
           - Will use O(acme_certificate_root_certificate_for_verification) for the root certificate, or if that is not set,
             use O(acme_certificate_root_certificate).
+      acme_certificate_dns_propagation_timeout:
+        type: int
+        description:
+          - Default timeout when waiting for DNS entries to propagate for C(dns-01) challenges.
+          - This is passed to the O(community.dns.wait_for_txt#module:timeout) option of M(community.dns.wait_for_txt).
+          - The default depends on O(acme_certificate_dns_provider).
+        version_added: 0.9.0
+      acme_certificate_dns_servers:
+        type: list
+        elements: str
+        description:
+          - DNS servers to use to lookup the name servers of the domains. These are queried to ensure that the C(dns-01) challenges
+            propagated before the ACME CA is asked to validate the challenges.
+          - If not provided, the system's standard resolver is used.
+          - This is passed to the O(community.dns.wait_for_txt#module:server) option of M(community.dns.wait_for_txt).
+        version_added: 0.9.0
     seealso:
       - module: community.crypto.openssl_privatekey
         description: You can create ACME account keys with this module.

roles/acme_certificate/tasks/dns-cloudflare-create.yml

@@ -21,6 +21,7 @@
   community.dns.wait_for_txt:
     records: >-
       {{ acme_certificate_INTERNAL_challenge.challenge_data_dns | dict2items(key_name='name', value_name='values') | list }}
-    timeout: 120
+    timeout: "{{ acme_certificate_dns_propagation_timeout | default(120) }}"
+    server: "{{ acme_certificate_dns_servers | default(omit) }}"
   delegate_to: localhost
   run_once: true

roles/acme_certificate/tasks/dns-hosttech-create.yml

@@ -24,6 +24,7 @@
   community.dns.wait_for_txt:
     records: >-
       {{ acme_certificate_INTERNAL_challenge.challenge_data_dns | dict2items(key_name='name', value_name='values') | list }}
-    timeout: 300
+    timeout: "{{ acme_certificate_dns_propagation_timeout | default(300) }}"
+    server: "{{ acme_certificate_dns_servers | default(omit) }}"
   delegate_to: localhost
   run_once: true

roles/acme_certificate/tasks/dns-inwx-create.yml

@@ -28,6 +28,7 @@
   community.dns.wait_for_txt:
     records: >-
       {{ acme_certificate_INTERNAL_challenge.challenge_data_dns | dict2items(key_name='name', value_name='values') | list }}
-    timeout: 600
+    timeout: "{{ acme_certificate_dns_propagation_timeout | default(600) }}"
+    server: "{{ acme_certificate_dns_servers | default(omit) }}"
   delegate_to: localhost
   run_once: true

roles/acme_certificate/tasks/dns-ns1-create.yml

@@ -25,6 +25,7 @@
   community.dns.wait_for_txt:
     records: >-
       {{ acme_certificate_INTERNAL_challenge.challenge_data_dns | dict2items(key_name='name', value_name='values') | list }}
-    timeout: 120
+    timeout: "{{ acme_certificate_dns_propagation_timeout | default(120) }}"
+    server: "{{ acme_certificate_dns_servers | default(omit) }}"
   delegate_to: localhost
   run_once: true