Missing DNS Records

Hello, dear participants.

I am a beginner and have just started learning Let's Encrypt.
While configuring Traefik and Let's Encrypt using DNS Challenge, I successfully obtained a wildcard certificate.
However, during further exploration, I deleted the record in the "DNS Records" section of Cloudflare, and now it is missing in the "DNS management for..." panel.
At the same time, I can still obtain new wildcard certificates, even when using a fresh installation and configuration, but unfortunately, the record does not reappear.

Can someone explain why the record does not appear again when I request a certificate?

Please don’t be harsh on me; I am just starting to learn, and it’s very challenging for me.
Additionally, English is not my native language, so understanding the documentation through a translator is quite difficult.

Best regards,
Alexander.

Welcome to the community, @alexander-sneg. We try to be friendly and helpful :slight_smile:

It will be easier if you tell us your domain name. We can then be more exact.

What record exactly? Do you mean an A or AAAA record?

3 Likes

I’d prefer not to disclose the domain name.
It looks like example.com.

I mean the TXT record.
As far as I understand, it is added by Let’s Encrypt.

Could it be that it’s added the first time and then is no longer needed?

Correct. The TXT record is only needed for the authorization. The TXT record is created by the ACME Client (not Let's Encrypt, which is the ACME Server). Old TXT records should be deleted because if there are too many, Let’s Encrypt will start rejecting it. Many ACME Clients clean up the TXT records automatically.

Successful challenges are cached for 30 days (currently). So requests for the same domain by the same account will not need to do a new challenge with a new TXT record. See: FAQ - Let's Encrypt. That link has many language options. See the top menu.

5 Likes

I changed your sample domain name to example. This is a standard example domain.

The other name you used is a valid domain owned by someone else. It is best to use the standard example domains. Better yet is the domain you own.

3 Likes

If I understood you correctly, does the record reappear after 30 days? Who keeps track of the time—my local Let's Encrypt?

I’ve gotten a general understanding now.
Here’s a question: where is this cache stored, and is it possible to clear it manually?

I’ve taken your note about the domain (example.com) into account. Please excuse me.

3 Likes

No. Your ACME Client makes the TXT record. The Let's Encrypt ACME Server checks it. Once checked, the TXT record is not needed any more. The ACME Client should then delete it.

The TXT record is used just once to satisfy the challenge. It has no effect on your certificate after that.

It is stored by Let's Encrypt. Some ACME Clients can invalidate prior authorizations (the cached response). I don't know if Traefik has a way. Certbot, another ACME Client, does this when using its --dry-run option with the Let's Encrypt Staging (test) system.

3 Likes

I meant that every 30 days, the record will be created and removed (if the client supports it) for domain ownership verification.
It's just confusing because of the 30-day cache.

In any case, thank you so much for taking the time to help me.
Now I feel reassured that the absence of the record won’t lead to errors.
Please don’t close the topic right away, in case I have more questions.

Once again, thank you so much!

2 Likes

Well, no, not usually every 30 days.

The Let's Encrypt certs are good for 90 days. The recommended renewal is after they are 60 days old (so have 30 days remaining before expiration).

The way it usually works is the ACME Client looks at the cert it already has. If it is less than 60 days old, nothing is done. If it is older than that, the ACME Client will make a new challenge (with a new TXT record) and get a new cert to replace the previous one.

The cache is not usually involved once your cert process is running properly. The ACME Client can look at the cert it already got to determine if action is needed.

4 Likes
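
The timing discussed in this thread, as an added example that is not part of any post and not code from Traefik, Certbot or Let's Encrypt: a small Python model of which client runs create a new TXT record. The function names and the timeline are constructed for illustration, the server-side authorization cache is modelled as a plain value, and the 60-day and 30-day figures are the ones quoted above.

```python
from datetime import datetime, timedelta, timezone

# Figures quoted in the thread; the CA can change them.
RENEW_AFTER_AGE = timedelta(days=60)   # renew once the cert is 60 days old
AUTHZ_CACHE = timedelta(days=30)       # a passed challenge is reused for 30 days


def decide(now, cert_issued, last_validated):
    """Return (action, txt_needed) for one client run.

    cert_issued    -- issue time of the cert on disk, None if there is none
    last_validated -- when this account last passed the challenge at the CA
                      (server-side state, modelled here as a plain value)
    """
    if cert_issued is not None and now - cert_issued < RENEW_AFTER_AGE:
        return "keep", False                      # cert is young enough
    cached = last_validated is not None and now - last_validated < AUTHZ_CACHE
    return "issue", not cached                    # TXT only if no cached authz


def simulate(start, events):
    """Replay (day, kind) events; kind is 'run' or 'fresh_install'."""
    cert_issued = last_validated = None
    log = []
    for day, kind in events:
        now = start + timedelta(days=day)
        if kind == "fresh_install":
            cert_issued = None                    # local certs wiped, same account
        action, txt = decide(now, cert_issued, last_validated)
        if action == "issue":
            cert_issued = now
            if txt:
                last_validated = now              # a new challenge was passed
        log.append((day, action, txt))
    return log


# Constructed timeline, not data from the thread.
START = datetime(2025, 1, 1, tzinfo=timezone.utc)
EVENTS = [(0, "run"), (3, "fresh_install"), (30, "run"), (63, "run"), (64, "run")]

if __name__ == "__main__":
    for day, action, txt in simulate(START, EVENTS):
        print(f"day {day:>2}: {action:<5} new TXT record: {txt}")
```

The day-3 line is the situation from the first post: a certificate is issued again, but no TXT record is written because the earlier validation is still cached for that account.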