I am using Cloudflare certbot with its Global API key. Earlier the entire process was flawless. Now in first attempt I get this kind of error message. In Second attempt same thing works.
root@example:~/.secrets# certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d example.com,*.example.com --preferred-challenges dns-01
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): email@example.com
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
Requesting a certificate for example.com and *.example.com
Waiting 10 seconds for DNS changes to propagate
Certbot failed to authenticate some domains (authenticator: dns-cloudflare). The Certificate Authority reported these p roblems:
Detail: Incorrect TXT record "fsYVAf4TJV3Ud-rFsLLdV_sxTrIBJAb_rJYiTfGJJL8" found at _acme-challenge.example.com
Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-cloudflare. Ensure the above doma ins are hosted by this DNS provider, or try increasing --dns-cloudflare-propagation-seconds (currently 10 seconds).
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsenc rypt.log or re-run Certbot with -v for more details.
What is weird that - when I request cert req command again it just works.
certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare.ini -d example.com,*.example.com --preferred-challenges dns-01
This happened two times since yesterday.