Wildcard SSL Let's Encrypt from Cloudflare: A-record @ required?

Hello.

I generate a wildcard SSL Let's Encrypt certificate from Cloudflare DNS.

In DNS I have only one record: A - * - MyIP

Can I not add an A-record A - @ - MyIP?
Will there be a check in this case?

Now I get this error:

Domain: ***.com
Type: unauthorized
Detail: No TXT record found at _acme-challenge.***.com

Domain: ***.com
Type: unauthorized
Detail: No TXT record found at _acme-challenge.***.com

UPD: domain kinoknopka.plus

If you actually have a wildcard A record, there’s no problem. It doesn’t interfere with the creation or querying of the _acme-challenge TXT records.

However, if you create a wildcard CNAME record, then things tend to stop working, because resolvers will follow CNAMEs and ignore any TXT records under the same DNS label.

As always, the devil is in the details, so if you want help, post your real domain name.
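As an added illustration of the answer above (this is not code from the thread), a small Python model of RFC 4592 wildcard synthesis and RFC 1034 CNAME precedence, run over constructed zone data for the placeholder name example.com, shows why a wildcard A record leaves the _acme-challenge TXT lookup untouched while a CNAME does not.

```python
# Added example: a minimal model of how a resolver answers a TXT query at
# _acme-challenge.<domain>. Zone data is constructed; example.com is a placeholder.

def lookup(zone, name, rtype, depth=0):
    """Answer (name, rtype) from a zone dict {owner: {rtype: [rdata, ...]}}.

    Rules modelled: a CNAME at an owner name takes precedence over any other
    data there (RFC 1034 s3.6.2); a wildcard is consulted only when the queried
    name does not exist at all (RFC 4592 s2.2.1). Returns [] for NODATA/NXDOMAIN.
    """
    if depth > 8:                       # stop on a CNAME loop in a broken zone
        return []
    rrset = zone.get(name)
    if rrset is None:                   # no such name: try the parent's wildcard
        parent = name.partition(".")[2]
        rrset = zone.get("*." + parent) if parent else None
        if rrset is None:
            return []
    if "CNAME" in rrset:                # the CNAME is followed, sibling data is ignored
        return lookup(zone, rrset["CNAME"][0], rtype, depth + 1)
    return list(rrset.get(rtype, []))

CHALLENGE = "_acme-challenge.example.com"
TOKEN = "constructed-acme-validation-token"   # stands in for what certbot publishes

def wildcard_a_with_txt():
    # Wildcard A record plus the challenge TXT: the explicit name wins, TXT is found.
    zone = {"*.example.com": {"A": ["192.0.2.10"]}, CHALLENGE: {"TXT": [TOKEN]}}
    return lookup(zone, CHALLENGE, "TXT")

def wildcard_a_txt_missing():
    # The thread's symptom: the TXT was never published (or has not propagated yet).
    # The wildcard A record cannot stand in for it, so the validator sees no TXT.
    zone = {"*.example.com": {"A": ["192.0.2.10"]}}
    return lookup(zone, CHALLENGE, "TXT")

def wildcard_cname_txt_missing():
    # Wildcard CNAME: the challenge name is synthesised as a CNAME, the resolver
    # follows it and returns whatever TXT the target has (here an SPF record),
    # which is not the validation token the CA is looking for.
    zone = {"*.example.com": {"CNAME": ["origin.example.net"]},
            "origin.example.net": {"A": ["192.0.2.10"], "TXT": ["v=spf1 -all"]}}
    return lookup(zone, CHALLENGE, "TXT")

def cname_beside_txt():
    # CNAME and TXT on the same label: the CNAME wins and the TXT is never returned.
    zone = {CHALLENGE: {"CNAME": ["origin.example.net"], "TXT": [TOKEN]},
            "origin.example.net": {"A": ["192.0.2.10"]}}
    return lookup(zone, CHALLENGE, "TXT")
```

Before running certbot, the same question can be put to real DNS with `dig TXT _acme-challenge.<domain>` and `dig CNAME _acme-challenge.<domain>`; an answer to the second query means the first will never show the token.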

kinoknopka.plus, please check it.

That domain looks okay to me.

How are you trying to issue the wildcard certificate? What Let’s Encrypt client are you using, what command are you using, and what’s the output?

DNS: A-record - *.kinoknopka.plus - IP
Generate:

        docker run \
            --rm \
            -v "/ssl.d:/etc/letsencrypt" \
            -v "/letsencrypt:/var/lib/letsencrypt" \
            -v "/cloudflare.ini:/cloudflare.ini" \
            certbot/dns-cloudflare \
            certonly \
            --dns-cloudflare \
            --dns-cloudflare-credentials /cloudflare.ini \
            --email "support@kinoknopka.plus" \
            --non-interactive \
            --agree-tos \
            -d "kinoknopka.plus" \
            -d "*.kinoknopka.plus" \
            --server https://acme-v02.api.letsencrypt.org/directory

Result:
Domain: kinoknopka.plus
Type: unauthorized
Detail: No TXT record found at _acme-challenge.kinoknopka.plus

Domain: kinoknopka.plus
Type: unauthorized
Detail: No TXT record found at _acme-challenge.kinoknopka.plus

After adding DNS: A-record - kinoknopka.plus - IP
Result: Generation was successful.

Is an A-record for the domain kinoknopka.plus required? Is *.kinoknopka.plus not enough?
If I delete the A-record - kinoknopka.plus - IP after generation, will the certificate renewal also fail with an error?
