Cloudflare DNS Error

My domain is: ilnation.fr

I ran this command: sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /some/secret/location/cloudflare.ini --dns-cloudflare-propagation-seconds 10 -d ilnation.fr --dry-run

It produced this output:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ilnation.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for ilnation.fr
Waiting 10 seconds for DNS changes to propagate

Certbot failed to authenticate some domains (authenticator: dns-cloudflare). The Certificate Authority reported these problems:
  Domain: ilnation.fr
  Type:   unauthorized
  Detail: No TXT record found at _acme-challenge.ilnation.fr

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-cloudflare. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-cloudflare-propagation-seconds (currently 10 seconds).

Failed to renew certificate ilnation.fr with error: Some challenges have failed.

My web server is NGINX 1.14.2 :

The operating system my web server runs on is Raspbian :

I can log in to a root shell on my machine : Yes

I'm using a control panel to manage my site : No (Cloudflare for DNS)

The version of my client is : certbot 1.26.0

I've checked Cloudflare API Logs and the DNS records were successfully added and removed

I've also tried with 60 seconds of propagation time

Try increasing the propagation time to a relatively absurd number (e.g. an hour) to see if it works at all.


You are using Cloudflare CDN. Cloudflare CDN manages its own certs for connections between its Edge and clients (like browsers).

You can use an Origin CA from Cloudflare for https between that Edge and your origin server. That might be easier than maintaining certbot and Let's Encrypt certs.


Yeah I'll try
