Certificate validation _acme-challenge TXT record value keeps changing

What is the domain name?
custom domain:_cny2024_tm_com_my
cf zone: tmcny2024_com
note: replaced dot with underscore for domains cause community did not allow posting more than 4 “links”

Have you searched for an answer?
yes: found this article that led to adding CAA record with value: pki_goog

However, problem still persists, and new value for TXT _acme-challenge_cny2024_tm_com_my is refreshed with a different value.

Please share your search results url:

When you tested your domain, what were the results?
CAA record for tm_com_my includes pki_goog
TXT record for _cf-custom-hostname_cny2024_tm_com_my is correct and accepted
TXT record for _acme-challenge_cny2024_tm_com_my is per previous value (the value provided by SSL for SAAS has changed up to 4 times now.

Describe the issue you are having:
certificate validation _acme-challenge TXT record value keeps changing.

What error message or number are you receiving?
“Pending validation”

What steps have you taken to resolve the issue?

  1. added TXT _cf-custom-hostname_cny2024_tm_com_my successfully
  2. added TXT _acme-challenge_cny2024_tm_com_my successfully
  3. added CAA value pki_goog to tm_com_my successfully

Was the site working with SSL prior to adding it to Cloudflare?

What are the steps to reproduce the error:

  1. created custom hostname first in the custom hostname dashboard
  2. added TXT validation records
  3. added CAA record

Have you tried from another browser and/or incognito mode?

Please attach a screenshot of the error:

It changes each time the validation fails.

Try Delegated DCV instead, it will require only a single cname and you won’t have to make any changes for future renewals


I’d rather try to get to the bottom of what caused it to fail first before trying an alternative method. seeing that all the steps that I could find in the docs were followed.

  1. Would anyone be able to verify that the steps taken were correct and the records are reflected correctly?

  2. Can anyone point me to where I can find out more about why it failed, and where I can find the error message of that failure?

As suggested by @Erisa , we setup Delegated DCV, and everything went well. Thanks!

Unsure what was the issue with our earlier attempt without Delegated DCV.

Can consider this as solved. Sorta.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.