Duplicate TXT DNS records required

**stenberg** · March 11, 2019, 10:40am

Hello,

I am trying to enable a letsencrypt cert that has a wildcard host and the apex host in one cert. Since you can’t use their normal validation with a host fronted with cloudflare, the dns method is suggested. In order to do this you have to add a dns TXT record for _acme-challenge for every name on the cert in separate TXT records.

That all works fine when I use the wildcard domain, but when you add the apex domain letsencrypt requires 2 TXT records, one for each host name, which is allowed by the dns specification.

When I add the second one, cloudflare just silently discards it.

Anybody know a workaround?

**domjh** · March 11, 2019, 11:16am

What do you mean by this? Can you post a screenshot?

**stenberg** · March 11, 2019, 11:20am

I can’t post a screenshot of a negative. But you can duplicate it like this.

create a DNS TXT record for _acme-challenge and put in any string, say “ABC” (you must enter the quotes or cloudflare silently ignore it.
Create a second DNS TXT record for _acme-challenge (this is allowed by the DNS specification) and enter another string for value, say “DEF”.

The second one is silently ignored by cloudflare, and you still have only “ABC”.

**domjh** · March 11, 2019, 5:06pm

I meant a screenshot of the record you are trying to add

I have just tried adding it, even without the quotes, both the TXT records show on a lookup.

**stenberg** · March 11, 2019, 12:14pm

Wow that is really interesting. I tried a half a dozen times, but the actual strings required by letsencrypt are long and contains hyphens and underscores. In my case, only the first one is saved. Subsequent ones are silently discarded. I did see a bug in the interface - if you omit the quotes, your edit is silently discarded with no warning. Maybe the special characters have something to do with it, based on your results I will start experimenting with different strings and see if I can narrow down the issue. Thanks!

**sandro** · March 11, 2019, 5:11pm

Just attempted the same as @domjh and used actual values and it appeared to work as well. Maybe a typo in the name of the other value?

**stenberg** · March 11, 2019, 6:14pm

Thanks to the folks that replied. I think now what was happening was, I saw a service alert that there was an outage yesterday and that during that time dns updates were not propagated.

I just tried it again, and sure enough, its all good. So thanks again if I hadn’t heard from anyone I would have just assumed it was a bug and given up and tried something else.

**system** · April 10, 2019, 6:14pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.