I am having problems issuing a certificate for *.domain.tld and domain.tld in one request. Even though I created both TXT DNS records and both records match the required acme-challenge values, it won’t check all TXT records I created in Cloudflare DNS settings.
Are you sure you are putting both TXT records at the same time? I mean, as you want to issue a cert covering f######net.com and *.f######net.com, you must put two TXT records for _acme-challenge.f######net.com, each one with its respective token. Also, you need to wait a few seconds or minutes till your authoritative DNS servers answer the same when the TXT records are requested.
You are right, even though both TXT DNS records were created, it only gives back one of them.
For everyone else experiencing the same problem using Cloudflare: it can take up to five minutes before multiple TXT DNS records are propagated properly.
This behavior happens with multiple cloud/enterprise providers. I think the first set of a TXT for a given key (or an A record) writes to an internal cache, and then is stuck for several minutes until it expires (usually the TTL).
I haven’t used them. Namecheap takes 90-120s on a 60s TTL. I had access to Linode and Dreamhost accounts; both were about 5 minutes for the second record to happen.
Until I finalize a move to acme-dns, I patched certbot to sleep after writing all the auths (and before verification). That solves all my problems.
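The approach the thread converges on (publish both tokens as TXT records at `_acme-challenge.<domain>`, then wait until the authoritative servers actually return both before letting the client ask the CA to validate) can be made deterministic by polling the authoritative servers instead of a fixed sleep. The script below is an added example written for this page; it is not code from the thread, from certbot, or from any Cloudflare tool. The zone name, the token values and the simulated "stale cache" nameservers in `demo()` are constructed so it runs offline, and the `dig`-backed resolver is a hypothetical helper that assumes a `dig` binary on PATH.

```python
"""Poll authoritative nameservers until every expected _acme-challenge TXT token
is visible, and only then hand control back to the ACME client for validation.
Added example for this thread; names, tokens and simulated servers are constructed.
"""
import subprocess
import time
from typing import Callable, Dict, Iterable, List, Set

# A resolver takes a DNS name and returns the TXT strings currently served for it.
ResolverFn = Callable[[str], Iterable[str]]


def missing_tokens(observed: Iterable[str], expected: Iterable[str]) -> Set[str]:
    """Tokens the CA will look for that this nameserver is not (yet) returning."""
    return set(expected) - set(observed)


def wait_for_txt_records(
    name: str,
    expected: Iterable[str],
    resolvers: Dict[str, ResolverFn],
    timeout: float = 300.0,
    interval: float = 5.0,
    sleep: Callable[[float], None] = time.sleep,
    clock: Callable[[], float] = time.monotonic,
) -> int:
    """Poll every authoritative server until each one returns all expected tokens.

    Returns the number of polling rounds needed; raises TimeoutError if some server
    still serves an incomplete answer when the deadline passes. Each authoritative
    server is queried directly (not a recursive resolver) because the CA validates
    against the authoritative answer: one lagging server is enough for the DNS-01
    check of either the apex or the wildcard name to fail.
    """
    expected = set(expected)
    deadline = clock() + timeout
    rounds = 0
    while True:
        rounds += 1
        lagging: Dict[str, Set[str]] = {}
        for label, resolve in resolvers.items():
            miss = missing_tokens(resolve(name), expected)
            if miss:
                lagging[label] = miss
        if not lagging:
            return rounds
        if clock() >= deadline:
            raise TimeoutError(f"{name}: servers still missing tokens after {timeout}s: {lagging}")
        sleep(interval)


def dig_txt_resolver(server: str) -> ResolverFn:
    """Hypothetical helper: resolver that asks one authoritative server via `dig`.
    Assumes `dig` is on PATH; not exercised by the offline demo below."""
    def resolve(name: str) -> List[str]:
        out = subprocess.run(
            ["dig", "+short", "TXT", name, f"@{server}"],
            capture_output=True, text=True, check=True,
        ).stdout
        # dig +short prints one TXT RR per line as a quoted string
        return [line.strip().strip('"') for line in out.splitlines() if line.strip()]
    return resolve


class StaleCacheResolver:
    """Constructed stand-in for a provider whose edge keeps answering with the
    first-written record set until `stale_for` queries have been served."""
    def __init__(self, fresh: Set[str], stale: Set[str], stale_for: int):
        self.fresh, self.stale, self.stale_for, self.queries = fresh, stale, stale_for, 0

    def __call__(self, name: str) -> List[str]:
        self.queries += 1
        return sorted(self.stale if self.queries <= self.stale_for else self.fresh)


def demo() -> int:
    """Two constructed authoritative servers: ns1 serves only the apex token for
    three queries, ns2 serves nothing for one query; both then catch up."""
    tokens = {"apex-token-CONSTRUCTED", "wildcard-token-CONSTRUCTED"}
    resolvers = {
        "ns1.example": StaleCacheResolver(tokens, {"apex-token-CONSTRUCTED"}, stale_for=3),
        "ns2.example": StaleCacheResolver(tokens, set(), stale_for=1),
    }
    # interval=0 and a no-op sleep keep the demo instant; real runs use the defaults
    return wait_for_txt_records("_acme-challenge.example.com", tokens, resolvers,
                                timeout=60, interval=0, sleep=lambda s: None)


if __name__ == "__main__":
    print(f"both tokens visible on every server after {demo()} polling round(s)")
```

In a real hook you would build one `dig_txt_resolver` per authoritative NS of the zone and call `wait_for_txt_records` between writing the records and triggering validation; the return value tells you how long the provider actually lagged, which is more useful than a guessed sleep when comparing providers as the thread does.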