Cloudflare Acme DNS challenge fails

Hi all,

I’m trying to install Traefik with a wildcard certificate against my Cloudflare domain - but it keeps failing with this error:

time="2021-12-26T23:29:17Z" level=error msg="Unable to obtain ACME certificate for domains "" : unable to generate a certificate for the domains []: error: one or more domains had a problem:\n[*] time limit exceeded: last error: NS returned REFUSED for\n" providerName=cloudflare.acme

I have to add that I only recently moved my DNS from Dreamhost to Cloudflare - not sure if that has anything to do with it…

I do see each time that the challenge is created (from the cloudflare dashboard) so I’m at a loss, to be honest.

The REFUSED part is odd - I’d expect NXDOMAIN if they are querying for a non-existent record.

Next time you try - check the record yourself via dig TXT or an online tool:

This will tell you whether Google / Cloudflare’s public resolvers are seeing the record correctly. If they are - then it’s best to check with your CA to understand what exact DNS query they’re making when they receive REFUSED.
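
Added example (not part of the original thread): a script for the `dig` check suggested above. It reports the response code each server gives for the challenge TXT query, so REFUSED can be told apart from NXDOMAIN or a record that is simply missing. The zone argument, the resolver list, the extra queries to the zone's own NS hosts, and the sample `dig` output are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Usage: ./check-challenge.sh example.com   (example.com is a placeholder zone)

# Constructed sample dig output, used for offline checks of the parsers.
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
_acme-challenge.example.com. 120 IN TXT "constructed-token-value"'

# Response code (NOERROR, NXDOMAIN, REFUSED, ...) from dig's header comment.
rcode_of() {
  printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Number of TXT records in the answer section (non-comment lines).
txt_count() {
  printf '%s\n' "$1" | awk '!/^;/ && $4 == "TXT" {n++} END {print n+0}'
}

# Turn raw dig output into a one-line diagnosis.
diagnose() {
  local rcode count
  rcode=$(rcode_of "$1")
  count=$(txt_count "$1")
  case "$rcode" in
    NOERROR)
      if [ "$count" -gt 0 ]; then echo "OK: $count TXT record(s) visible"
      else echo "NODATA: name exists but no TXT record yet"; fi ;;
    NXDOMAIN) echo "NXDOMAIN: challenge name does not exist on this server" ;;
    REFUSED)  echo "REFUSED: server will not answer for this zone" ;;
    "")       echo "NO RESPONSE: timeout or unreachable" ;;
    *)        echo "$rcode" ;;
  esac
}

# Query public resolvers and the zone's own nameservers for the challenge.
check_challenge() {
  local zone=$1 server out
  for server in 1.1.1.1 8.8.8.8 $(dig +short NS "$zone"); do
    out=$(dig +noall +comments +answer +time=3 +tries=1 \
          TXT "_acme-challenge.$zone" "@$server" 2>&1 || true)
    printf '%-28s %s\n' "$server" "$(diagnose "$out")"
  done
}

if [ "$#" -ge 1 ]; then check_challenge "$1"; fi
```

A server that prints REFUSED while the public resolvers print OK is the one to raise with whoever operates it.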

Hi Simon, thanks for your help!

I checked with the links you provided and the challenge is indeed showing up on both Google & Cloudflare:


Is there any setting on my domain that could cause this “refused”? I wonder since I recently moved DNS from my hosting provider to Cloudflare…

If not, I assume I need to head over to the Let’s Encrypt forum and ask a question there…

Google returned “Problem renewing the cert with DNS-01 challenge - #2 by cerealconyogurt - Traefik v2 - Traefik Labs Community Forum” - might help? :slight_smile:

Hi eva2000 - I have no clue how I didn’t find this myself :joy:
I spent most of yesterday trying to figure it out - and it works!
Thank you so much!!!


Glad I could help. My Google-foo is strong :smiley:


