I am trying to create a TXT record to validate ownership of a DNS record. Entering via the Web UI adds double quotation marks to the beginning and end of the record data, which breaks validation.
What steps have you taken to resolve the issue?
Have tried editing the record and removing the quotes, but they are automatically added. The validation string contains no spaces and the only nonstandard characters are a minus and underscore.
What feature, service or problem is this related to?
There’s no getting around that here. TXT records really should be consistent with quotation marks, and with the way some TXT records need to be formatted, all should have quotation marks for consistency’s sake.
What service is it that needs to validate without quotation marks?
Edit: -Almost- no way around it. API method below is a workaround.
This is for the acme challenge for a LetsEncrypt certificate. The error message on the LE side is cryptic but it is complaining that the key (in the TXT record) is incorrect. Last time I had to do this (when the Cloudflare Web UI didn’t add quotes) it worked without issue.
If there is no way around this on the Cloudflare front I might have to chase up LetsEncrypt instead, because quotations are a normal (and possibly more RFP-compliant) thing.
Hi @user1115! How are you requesting the Let’s Encrypt certificate? If you’re using certbot, that should be able to add the required _acme-challenge record automatically if you give it a Cloudflare API token.
In theory the quotes shouldn’t be an issue because:
- If you’re using the Cloudflare API (either yourself or via certbot) records without quotes can still be added. (Although now discouraged, certbot currently still stores them without quotes.)
- If you’re using the Cloudflare dashboard to add the record (as seems to be the case) quotes will be added, but it’ll look exactly the same in the DNS, regardless of whether the dashboard shows explicit quotes or not. Only if certbot was reading the record via the API would it be able to complain about the quotes, but I don’t think it has such a feature.
Could you check that you’re not adding any whitespace or newline characters before or after the record content? It seems some people are adding a newline (pressing Enter) at the end, which is then shown as a \010 escape sequence at the end of the record (before the last quote). We’ll work on improving that soon. In the meantime, could you check that this isn’t the case for you?
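The two points in the reply above (quotes are only presentation, and a stray newline shows up as `\010`), as an added example that is not part of the original thread: a Python sketch that decodes TXT record content from zone-file presentation form (RFC 1035 section 5.1) and compares it with the expected challenge value. The function names and `SAMPLE` are constructed for illustration; they are not Cloudflare's or certbot's code.

```python
import re

# ACME DNS-01 values are base64url(SHA-256(key authorization)): 43 chars, no padding.
ACME_VALUE = re.compile(rb"[A-Za-z0-9_-]{43}")
SAMPLE = "x7-Qk_" * 7 + "A"  # constructed 43-character value, not a real challenge

def decode_txt(presentation: str) -> bytes:
    # Quotes delimit character-strings and are not data; \DDD is a decimal octet.
    out = bytearray()
    i, n, quoted = 0, len(presentation), False
    while i < n:
        c = presentation[i]
        if c == '"':
            quoted = not quoted
            i += 1
        elif c == "\\":
            ddd = presentation[i + 1:i + 4]
            if len(ddd) == 3 and ddd.isascii() and ddd.isdigit() and int(ddd) < 256:
                out.append(int(ddd))          # e.g. \010 -> byte 10 (newline)
                i += 4
            elif i + 1 < n:
                out += presentation[i + 1].encode()  # \" or \\ style escape
                i += 2
            else:
                raise ValueError("dangling backslash")
        elif c in " \t" and not quoted:
            i += 1                            # separator between adjacent strings
        else:
            out += c.encode()
            i += 1
    if quoted:
        raise ValueError("unterminated quote")
    return bytes(out)

def diagnose(presentation: str, expected: str) -> str:
    # Compare the decoded record content with the value the ACME client printed.
    data = decode_txt(presentation)
    if data == expected.encode():
        return "match"
    if data.strip() == expected.encode():
        return "stray whitespace or newline around the value"
    if not ACME_VALUE.fullmatch(data):
        return "not a well-formed ACME DNS-01 value"
    return "well-formed but different value (stale record?)"
```

The quoted and unquoted forms decode to the same bytes, so only the `\010` case produces a mismatch.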
Ok, this ended up being user error (surprise surprise).
I am running certbox in docker on a Synology NAS, and the certbox container was waiting for user input. However, the log message was cryptic enough that I thought it was rejecting the DNS entry, and combined with a new behavior in the Cloudflare dashboard (showing quotes, whereas the older TXT records didn’t show quotes) I jumped to the wrong conclusion.