I have an nginx server on D.O.
My DNS has one A/AAAA and 4 CNAMEs pointing to the same server.
I have it behind CloudFlare DNS, but I’ve disabled it temporarily to make the auth. I know it works because I logged with tcpdump some HTTP requests to all subdomains. CF doesn’t hijack while disabled; it acts like a normal DNS server.
I’ve also stopped my nginx server to make room on port 80 for the LE client.
When I try to issue to only one of those 5 FQDNs it works ALMOST all the time. It fails 1 in 5.
With that in mind, I want only one cert for all those 5 subdomains. So I run:
./letsencrypt-auto certonly -d MAINDOMAIN -d SUB1.MAINDOMAIN -d SUB2.MAINDOMAIN -d AND-SO-ON --agree-dev-preview --verbose
(Ran certonly because of nginx issues)
But I can’t finish the whole process because it fails RANDOMLY in any of the subdomains, maindomain included. Sometimes it fails on SUB1, sometimes on SUB1 + SUB2, sometimes on MAINDOMAIN + SUB2, etc.
Why does the validation fail this way?
Thanks for your time!
Edit: After 15+ tries I got it working for all my subs simultaneously.