Getting error for Cloudflare certbot

I am using Cloudflare certbot with its Global API key. Earlier the entire process was flawless. Now in first attempt I get this kind of error message. In Second attempt same thing works.

root@example:~/.secrets# certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d,* --preferred-challenges dns-01
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel):

Please read the Terms of Service at You must
agree in order to register with the ACME server. Do you agree?

(Y)es/(N)o: Y

Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.

(Y)es/(N)o: N
Account registered.
Requesting a certificate for and *
Waiting 10 seconds for DNS changes to propagate

Certbot failed to authenticate some domains (authenticator: dns-cloudflare). The Certificate Authority reported these p roblems:
Type: unauthorized
Detail: Incorrect TXT record "fsYVAf4TJV3Ud-rFsLLdV_sxTrIBJAb_rJYiTfGJJL8" found at

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-cloudflare. Ensure the above doma ins are hosted by this DNS provider, or try increasing --dns-cloudflare-propagation-seconds (currently 10 seconds).

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsenc rypt.log or re-run Certbot with -v for more details.

What is weird that - when I request cert req command again it just works.

certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini                                                  -d,* --preferred-challenges dns-01

This happened two times since yesterday.

What happens when you increase the propagation delay to, say, 60 seconds?