I am trying to enable a Let's Encrypt cert that has a wildcard host and the apex host in one cert. Since you can’t use their normal validation with a host fronted with Cloudflare, the DNS method is suggested. In order to do this, you have to add a DNS TXT record for _acme-challenge for every name on the cert, in separate TXT records.
That all works fine when I use the wildcard domain, but when you add the apex domain, Let's Encrypt requires 2 TXT records, one for each host name, which is allowed by the DNS specification.
When I add the second one, Cloudflare just silently discards it.
Anybody know a workaround?
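An added example, not part of the original post: a pre-validation check showing why the wildcard and apex names need two TXT values at the same `_acme-challenge` name (RFC 8555, section 8.4), and how to detect that one was dropped before asking the CA to validate. The domain, tokens, thumbprint and function names are constructed for illustration.

```python
import base64
import hashlib


def challenge_record_name(identifier: str) -> str:
    """Record name for DNS-01; a wildcard is validated at its base domain."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """TXT value: unpadded base64url of SHA-256(token + "." + thumbprint)."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def expected_rrsets(tokens: dict, account_thumbprint: str) -> dict:
    """Group the TXT values each record name must carry at the same time."""
    rrsets = {}
    for identifier, token in tokens.items():
        name = challenge_record_name(identifier)
        rrsets.setdefault(name, set()).add(dns01_txt_value(token, account_thumbprint))
    return rrsets


def missing_values(expected: dict, published: dict) -> dict:
    """Values absent from DNS; an empty dict means validation can be requested."""
    gaps = {}
    for name, values in expected.items():
        absent = values - set(published.get(name, ()))
        if absent:
            gaps[name] = absent
    return gaps


# Constructed sample data: made-up tokens and thumbprint, not real challenges.
THUMBPRINT = "constructed-account-key-thumbprint"
TOKENS = {"example.com": "constructed-token-apex", "*.example.com": "constructed-token-wildcard"}

if __name__ == "__main__":
    want = expected_rrsets(TOKENS, THUMBPRINT)
    # Simulate a provider that kept only one of the two TXT records.
    kept = {name: sorted(vals)[:1] for name, vals in want.items()}
    print(missing_values(want, kept))
```

In practice `published` would be filled from a TXT lookup against the zone's authoritative nameservers, so a record the provider dropped shows up before the CA's validation attempt fails.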