I am trying to enable a letsencrypt cert that has a wildcard host and the apex host in one cert. Since you can’t use their normal validation with a host fronted with Cloudflare, the DNS method is suggested. In order to do this you have to add a DNS TXT record for _acme-challenge for every name on the cert, in separate TXT records.
That all works fine when I use the wildcard domain, but when you add the apex domain letsencrypt requires 2 TXT records, one for each host name, which is allowed by the DNS specification.
When I add the second one, Cloudflare just silently discards it.
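To make the requirement above concrete, here is an added example (not from the original post or from Cloudflare/Let's Encrypt) that computes the DNS-01 TXT value for each name on the cert from its challenge token and the ACME account key thumbprint (RFC 8555 §8.4, RFC 7638), then checks which of those values are missing from the _acme-challenge RRset actually published. The account key, tokens and names are constructed placeholders.

```python
"""Compute the DNS-01 TXT values for every name on a certificate and check
that all of them are present in one _acme-challenge RRset (RFC 8555 s8.4)."""
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """base64url without padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: required public members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """TXT record content: base64url(SHA-256(token '.' thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def missing_challenge_records(expected: dict, txt_rrset: list) -> dict:
    """Return {name: expected_value} for names whose TXT value is absent.

    `expected` maps each certificate name to the value it needs; `txt_rrset`
    holds the strings published at _acme-challenge.<apex>, quoted or not.
    """
    published = {s.strip().strip('"') for s in txt_rrset}
    return {name: val for name, val in expected.items() if val not in published}


# Constructed sample: an EC account key and the two challenge tokens the CA
# handed out for the apex and the wildcard name (not real ACME data).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
SAMPLE_TOKENS = {"example.com": "tok-apex-0001", "*.example.com": "tok-wild-0002"}


def expected_records(jwk: dict = SAMPLE_JWK, tokens: dict = SAMPLE_TOKENS) -> dict:
    """One TXT value per name; both live at _acme-challenge.example.com."""
    thumb = jwk_thumbprint(jwk)
    return {name: dns01_txt_value(tok, thumb) for name, tok in tokens.items()}


if __name__ == "__main__":
    want = expected_records()
    # Simulate the symptom from the thread: only the first record got saved.
    published = ['"' + want["example.com"] + '"']
    print("missing:", missing_challenge_records(want, published))
```

Running the same check against `dig +short TXT _acme-challenge.example.com` output before asking the CA to validate tells you whether the second record was really published or silently dropped.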
Wow, that is really interesting. I tried half a dozen times, but the actual strings required by letsencrypt are long and contain hyphens and underscores. In my case, only the first one is saved. Subsequent ones are silently discarded. I did see a bug in the interface - if you omit the quotes, your edit is silently discarded with no warning. Maybe the special characters have something to do with it. Based on your results I will start experimenting with different strings and see if I can narrow down the issue. Thanks!
Thanks to the folks that replied. I think what was happening was this: I saw a service alert that there was an outage yesterday and that during that time DNS updates were not propagated.
I just tried it again, and sure enough, it’s all good. So thanks again; if I hadn’t heard from anyone I would have just assumed it was a bug, given up and tried something else.