Getting error for Cloudflare certbot

I am using Cloudflare certbot with its Global API key. Earlier the entire process was flawless. Now, on the first attempt, I get this kind of error message. On the second attempt, the same thing works.

root@example:~/.secrets# certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d example.com,*.example.com --preferred-challenges dns-01
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): example@gmail.com


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?


(Y)es/(N)o: Y


Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.


(Y)es/(N)o: N
Account registered.
Requesting a certificate for example.com and *.example.com
Waiting 10 seconds for DNS changes to propagate

Certbot failed to authenticate some domains (authenticator: dns-cloudflare). The Certificate Authority reported these problems:
Domain: example.com
Type: unauthorized
Detail: Incorrect TXT record "fsYVAf4TJV3Ud-rFsLLdV_sxTrIBJAb_rJYiTfGJJL8" found at _acme-challenge.example.com

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-cloudflare. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-cloudflare-propagation-seconds (currently 10 seconds).

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@example:~/.secrets#

What is weird is that when I run the cert request command again, it just works.

certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d example.com,*.example.com --preferred-challenges dns-01

This happened two times since yesterday.

What happens when you increase the propagation delay to, say, 60 seconds?

3 Likes
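
A way to check the propagation question raised above, as an added example that is not part of the thread: the DNS-01 challenges for example.com and *.example.com are both validated at _acme-challenge.example.com, so every authoritative nameserver has to serve both TXT values at once. The function names and the sample values are hypothetical, and `check_zone` assumes `dig` is installed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): find out which expected
# _acme-challenge TXT values a nameserver is not serving yet.

# missing_txt "VALUE1 VALUE2 ..." "DIG_SHORT_OUTPUT"
# Prints every expected value that is absent from `dig +short TXT` output.
missing_txt() {
    local expected="$1" answer="$2" value
    # dig +short wraps each TXT string in double quotes; strip them.
    answer="$(printf '%s\n' "$answer" | tr -d '"')"
    for value in $expected; do
        # -x: whole-line match, -F: literal string, --: value may start with '-'
        printf '%s\n' "$answer" | grep -qxF -- "$value" || printf '%s\n' "$value"
    done
}

# check_zone ZONE "VALUE1 VALUE2 ..."
# Asks each authoritative nameserver directly (no resolver cache in between)
# and returns non-zero while any of them lacks an expected value.
check_zone() {
    local zone="$1" expected="$2" ns missing rc=0
    for ns in $(dig +short NS "$zone"); do
        missing="$(missing_txt "$expected" \
            "$(dig +short TXT "_acme-challenge.$zone" "@$ns")")"
        if [ -n "$missing" ]; then
            echo "$ns does not serve yet: $missing"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample (not real challenge values): the nameserver answer
# carries only one of the two records the CA will look for.
EXPECTED="constructedApexValue111 constructedWildcardValue222"
PARTIAL_ANSWER='"constructedApexValue111"'
echo "missing from partial answer: $(missing_txt "$EXPECTED" "$PARTIAL_ANSWER")"
```

If `check_zone` still reports missing values after certbot's wait has elapsed, the 10-second delay is shorter than the zone's real propagation time, and a larger `--dns-cloudflare-propagation-seconds` value is the setting to raise.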
