I’m trying to install Traefik with a wildcard certificate against my Cloudflare domain - but it keeps failing with this error:
time=“2021-12-26T23:29:17Z” level=error msg="Unable to obtain ACME certificate for domains “.deprez.biz" : unable to generate a certificate for the domains [.deprez.biz]: error: one or more domains had a problem:\n[*.deprez.biz] time limit exceeded: last error: NS angela.ns.cloudflare.com. returned REFUSED for _acme-challenge.deprez.biz.\n” providerName=cloudflare.acme
I have to add that I only recently moved my DNS from Dreamhost to Cloudflare - not sure if that has anything to do with it…
I do see each time that the challenge is created (from the cloudflare dashboard) so I’m at a loss, to be honest.
REFUSED part is odd - I’d expect
NXDOMAIN if they are querying for a non-existent record.
Next time you try - check the record yourself via
dig TXT _acme-challenge.deprez.biz or an online tool:
This will tell you whether Google / Cloudflare’s public resolvers are seeing the record correctly. If they are - then it’s best to check with your CA to understand what exact DNS query they’re making when they receive
Hi Simon, thanks for your help!
I checked with the links you provided and the challenge is indeed showing up on both Google & Cloudflare:
Is there any setting on my domain that could cause this “refused”? I wonder since I recently moved DNS from my hosting provider to Cloudflare…
If not, I assume I need to head over to the Letsencrypt forum and as a question there…
Hi eva2000 - I have no clue how I didn’t find this myself
I spent most of yesterday trying to figure it out - and it works!
Thank you so much!!!
Glad I could help. My Google-foo is strong
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.