I was trying to issue a wildcard Let's Encrypt certificate for my domain parked on Cloudflare DNS servers (evangeline, hayes). I had some problems with timeouts and had to repeat the process a few times, with new values for the _acme-challenge TXT records, so I was editing those that I had entered.
At some point Let's Encrypt said “No TXT record found at _acme-challenge.ceremeo.com”. That was odd, so I checked the record and… there are tens of those! I checked the DNS panel at Cloudflare, but there were only two entries. Even when I removed them, it didn’t change a thing. No matter what I do, I have 85 TXT entries for _acme-challenge.ceremeo.com.
One day has passed and still nothing changes. When I add an entry, I have 86. After I delete it - I have 85…
Figured it out: I moved one of my domains to Cloudflare about the same time I set up certbot to generate certificates for it. The way I found to work around it was to Disable Universal SSL under Edge Certificates. This removed the 174 _acme-challenge records that I was unable to see in the console or API. This also allowed me to renew using certbot locally.
A lookup (host -t txt, dig txt) shows multiple TXT records for _acme-challenge, and Let’s Encrypt cannot issue a certificate for the domain. In the dashboard interface there are no such records.
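
The mismatch described in this thread (a lookup returning many _acme-challenge TXT values while the DNS panel shows only a couple) can be checked with a small script. This is an added example, not part of the original posts; the function names, the sample values and the `ns.example` server are hypothetical, and the sample dig output is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list _acme-challenge TXT values that a
# name server returns but that you did not create yourself.

# served_txt NAME SERVER: ask one name server directly, bypassing resolver caches.
served_txt() {
    dig +short TXT "$1" "@$2"
}

# normalize_txt: strip the quotes dig prints around each value, drop blank
# lines, de-duplicate. ACME challenge values are a single short string.
normalize_txt() {
    sed -e 's/^"//' -e 's/"$//' -e '/^$/d' | sort -u
}

# unexpected_txt EXPECTED...: read dig output on stdin and print every served
# value that is not among the expected ones given as arguments.
unexpected_txt() {
    normalize_txt | while IFS= read -r value; do
        found=0
        for want in "$@"; do
            if [ "$value" = "$want" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$value"; fi
    done
}

# Constructed sample of `dig +short TXT` output: two values entered by hand
# plus two that are not visible anywhere in the DNS panel.
SAMPLE_DIG_OUTPUT='"constructed-value-from-certbot-1"
"constructed-value-from-certbot-2"
"constructed-value-not-in-panel-A"
"constructed-value-not-in-panel-B"'

sample_unexpected() {
    printf '%s\n' "$SAMPLE_DIG_OUTPUT" |
        unexpected_txt constructed-value-from-certbot-1 constructed-value-from-certbot-2
}

sample_unexpected
# Live use (ns.example is a placeholder for one of the zone's name servers):
#   served_txt _acme-challenge.example.com ns.example | unexpected_txt "$VALUE_FROM_CERTBOT"
```

Any value it prints is being served for the name without having been entered by you, which is the situation the posts above describe.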