Encountered CloudFlareAPIError adding TXT record: 83011 Total record size limit exceeded

Hello folks,

I use five domains with Cloudflare DNS. All have a website hosted on the same Debian server. Certbot generates Let’s Encrypt wildcard certificates. Everything has been running flawlessly for years.

For two weeks now, Certbot hasn’t been able to update one SSL certificate of one domain. All others are fine.

Certbot shows me the following error:

Encountered CloudFlareAPIError adding TXT record: 83011 Total record size limit exceeded.

What I tried:
Manual creation of a new TXT record works.
Some DNS entries were deleted to make room for new entries.
Removed the Certbot config and the SSL certificates for this domain.
Deleted the entire domain in Cloudflare and started over.

All without success.

Where could the error be located?

Greetings,

Thank you for asking.

Kindly, before doing anything at the Cloudflare SSL/TLS settings, you could determine whether you have a valid SSL certificate installed at the origin host/server (by your web hosting provider, or on your own VPS/dedicated server) by following the steps below:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com .
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect, then make sure site is working as expected with HTTPS.
  4. Check with your hosting provider / cPanel AutoSSL / ACME.sh / Certbot / Let’s Encrypt or some other and renew it accordingly.
  5. Only then should you un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

Otherwise, you can temporarily set the DNS record to unproxied :grey: (DNS-only), wait a few minutes, restart the process of renewing and re-issuing the Certbot/Let’s Encrypt SSL certificate and, upon success, switch it back to proxied :orange:.

There might be some confusion, as Cloudflare Universal SSL might also be issued via Let’s Encrypt; therefore the TXT records for validation can be seen on a lookup, but cannot be managed or deleted (except if we disable the Universal SSL feature from the SSL/TLS tab of Cloudflare, which might cause some other issue if our origin SSL certificate isn’t being presented, and in case we could be using HSTS, etc.).

Else, what comes to my mind: might a long hostname split with dots (.), dashes (-) or underscores (_) be causing some issue at the DNS tab of the Cloudflare dashboard? :thinking:

Furthermore, I might be wrong about the next one, but with that action you might end up having two identical _acme-challenge DNS entries on a DIG/DNS lookup, as far as Cloudflare uses one for Universal SSL. If true, then I am afraid you cannot have the two identical ones.
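The reply above raises the possibility of leftover or duplicate _acme-challenge TXT records in the zone. The script below is an added example, not code posted by anyone in this thread and not Certbot's or Cloudflare's own code: it lists the zone's TXT records through the Cloudflare API v4 and reports every _acme-challenge record still present, together with the total TXT content size per record name. The API endpoint and the response shape (a JSON object whose "result" is a list of records with "id", "type", "name" and "content") are the documented v4 ones; the idea that the "Total record size limit exceeded" message concerns the aggregate size of TXT records sharing one name is an assumption, not something the thread establishes. The sample response embedded in the block is constructed for the example.

```python
"""Audit leftover _acme-challenge TXT records in a Cloudflare zone.

Added example; not from the thread, Certbot, or Cloudflare. Assumptions:
- Cloudflare API v4 list endpoint /zones/{zone_id}/dns_records with a Bearer
  token, returning {"success": bool, "result": [record, ...]}.
- Working hypothesis only: error 83011 concerns the aggregate TXT content
  size at one record name, so the per-name total is reported.
The sample records below are constructed, not real DNS data.
"""
import json
import os
import urllib.request
from collections import defaultdict

CF_API = "https://api.cloudflare.com/client/v4"


def fetch_txt_records(zone_id: str, token: str) -> list:
    """Live lookup (needs network): all TXT records in the zone, first page."""
    url = f"{CF_API}/zones/{zone_id}/dns_records?type=TXT&per_page=100"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        body = json.load(resp)
    if not body.get("success"):
        raise RuntimeError(f"Cloudflare API error: {body.get('errors')}")
    return body["result"]


def txt_size_by_name(records: list) -> dict:
    """Sum of TXT content bytes per record name (records sharing a name add up)."""
    sizes = defaultdict(int)
    for rec in records:
        if rec["type"] == "TXT":
            sizes[rec["name"].lower()] += len(rec["content"].encode("utf-8"))
    return dict(sizes)


def acme_challenge_records(records: list) -> list:
    """Every _acme-challenge TXT record. Certbot removes the ones it created
    once validation finishes, so anything present outside a running renewal
    is a leftover candidate for deletion (or a duplicate, as the reply suggests)."""
    return [
        rec for rec in records
        if rec["type"] == "TXT" and rec["name"].lower().startswith("_acme-challenge.")
    ]


def audit(records: list) -> dict:
    """Report: leftover challenge record ids and the per-name TXT byte totals."""
    leftovers = acme_challenge_records(records)
    return {
        "leftover_ids": [rec["id"] for rec in leftovers],
        "leftover_names": sorted({rec["name"].lower() for rec in leftovers}),
        "txt_bytes_by_name": txt_size_by_name(records),
    }


# Constructed sample: three stale dns-01 tokens at the same challenge name
# (ACME dns-01 values are 43 base64url characters; these are placeholders),
# plus one unrelated TXT record. Fake ids and a fake domain.
SAMPLE_RESULT = [
    {"id": "rec-0001", "type": "TXT", "name": "_acme-challenge.example.com",
     "content": "A" * 43},
    {"id": "rec-0002", "type": "TXT", "name": "_acme-challenge.example.com",
     "content": "B" * 43},
    {"id": "rec-0003", "type": "TXT", "name": "_ACME-Challenge.example.com",
     "content": "C" * 43},
    {"id": "rec-0004", "type": "TXT", "name": "example.com",
     "content": "v=spf1 -all"},
]


def main() -> None:
    zone_id, token = os.environ.get("CF_ZONE_ID"), os.environ.get("CF_API_TOKEN")
    records = fetch_txt_records(zone_id, token) if zone_id and token else SAMPLE_RESULT
    print(json.dumps(audit(records), indent=2))


if __name__ == "__main__":
    main()
```

Run it with CF_ZONE_ID and CF_API_TOKEN set (a scoped token with DNS read permission is enough for the audit) to look at a real zone; without them it audits the constructed sample. The audit only reports record ids; deleting anything remains a deliberate, separate step so a renewal that is in progress is not broken by removing its live challenge record.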

Hello, no this is not the solution.

I don’t use Cloudflare’s proxy feature or Universal SSL. It’s only DNS.

No, no problems with long hostnames or anything. All other domains still work, and this one worked for a few years, too.

Thank you for the feedback.

Weird a bit :thinking:

Kindly, I’d suggest you write a ticket to Cloudflare support, due to your account and/or domain issue, and share the ticket number here with us so we could escalate this issue.

I don’t know what happened, but overnight the issue disappeared. Certbot is now able to create TXT records for this domain again. I think the last step, removing the domain from Cloudflare, solved the problem after a few days. But it’s still weird.
