Is it normal for TXT records to take many days to propagate?

Now I know it can take “24-48 Hours” for propagation, but it seems my newly added TXT record is not propagating. I have queried Cloudflare's DNS with a dig specifically and I still cannot see it, only my SPF record, which was there before. I have made other additions to DNS such as CNAME records and they have propagated as normal. Need some insight please!

Can you share the name of the domain as well as the name of the record you added?

If a new record doesn’t show up within seconds, there is typically an error somewhere.

Sure!
Domain is n0xlabs dot com

Record Type: TXT
Name: _acme-challenge
Content: 9kdclt3kRg0v3VXhzN-wr9zMV9mBzSuLqAMfyD193V8
TTL: Auto

Works for me:

dig +short _acme-challenge.n0xlabs.com txt
"9kdclt3kRg0v3VXhzN-wr9zMV9mBzSuLqAMfyD193V8"

I have just tried to finish the setup of a Let's Encrypt cert for a self-hosted app and it had failed.

I have also queried it with mxtoolbox, dnslookup, etc.

Not sure what's going on and why we can see it specifically with the command you used and not just a general query/dig of the TXT records.

I am going to have to do a new one now since it failed, but I think it may have the same results.

It's now gy9bZzMDf2sR7Ixbwe8lCNWUa2ikU0BWD96pm408Cus for the contents

https://www.nslookup.io/domains/_acme-challenge.n0xlabs.com/dns-records/

All seem to be working. Did you enter the full record name _acme-challenge.n0xlabs.com or just your domain n0xlabs.com?

Just the domain name when I did it.

That would explain why you didn’t find it, you need to enter the full name.

Why would my other TXT record come up then? Also, when Certbot reaches out to verify it, it queries the domain, I think.

I guess my question would be: why does it show my other TXT, and how would I get the Let's Encrypt cert to validate that the TXT is actually there?

Because your other TXT record has the name n0xlabs.com.

The name _acme-challenge.n0xlabs.com is correct and what Let's Encrypt will query.

If it doesn’t work, make sure you didn’t make any typos in certbot when you created your certificate.

Okay, I'm going to go validate everything quick and then attempt it once more. I appreciate your help, will keep you updated soon.

Okay so maybe there was a typo both times I did it the first time. I just rechecked everything with the newly generated one I had and then tried and it seemed to work…

I'm sorry, but I appreciate your help!

Nothing to be sorry for :wink:

Maybe it would be easier to use the Cloudflare Plugin for Certbot in the future (certbot-dns-cloudflare) - Welcome to certbot-dns-cloudflare’s documentation! — certbot-dns-cloudflare 0 documentation.

It takes a few more steps to set up, but you wouldn’t have to do anything manually afterwards to renew your certificate. You just have certbot run once a day and it will do everything automatically.

I'll have to look into this! Thank you!

The short version:

  1. You create a Cloudflare token with the permission Zone:DNS:Edit for your domain
    Create API token · Cloudflare Fundamentals docs

  2. Save the token somewhere in a text file named cloudflaretoken.ini

  3. Install certbot-dns-cloudflare. For example on Ubuntu: apt install certbot-dns-cloudflare

  4. Use this command to create a wildcard certificate for one domain. Replace domain.tld with your domain (3 times) and /path/to/cloudflaretoken.ini with the location where you saved the file.

    certbot certonly -a dns-cloudflare \
    --cert-name domain.tld \
    --dns-cloudflare-credentials /path/to/cloudflaretoken.ini \
    --dns-cloudflare-propagation-seconds 30 \
    -d domain.tld,\*.domain.tld \
    --preferred-challenges dns-01

  5. Run the command certbot renew once a day, for example via Cron. It will renew your certificate if it is within… one month or so of its expiration date.
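An added example, not part of the thread and not Certbot's own code, of the naming rule discussed above: the dns-01 challenge lives at its own owner name, so a TXT query for the bare domain returns only the records stored there (the SPF record), and a certificate for both domain.tld and *.domain.tld needs two TXT values at the same _acme-challenge name. The function names, the sample zone and the key authorization strings are constructed for illustration; the name and digest rules follow RFC 8555, section 8.4.

```python
import base64
import hashlib

def challenge_name(identifier: str) -> str:
    """DNS name the CA queries for a dns-01 challenge (RFC 8555, section 8.4)."""
    name = identifier.rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]  # a wildcard is validated at the base domain's name
    return "_acme-challenge." + name

def txt_value(key_authorization: str) -> str:
    """TXT content: base64url(SHA-256(key authorization)), padding stripped."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def lookup(zone, name, rtype="TXT"):
    """Model of a DNS answer: exact owner-name match only, so a query for
    the apex never returns records stored at a child name."""
    return sorted(zone.get((name.rstrip(".").lower(), rtype), []))

def preflight(zone, identifiers, expected):
    """Return {identifier: [missing TXT values]} for names not yet provisioned."""
    problems = {}
    for ident in identifiers:
        published = set(lookup(zone, challenge_name(ident)))
        missing = sorted(set(expected[ident]) - published)
        if missing:
            problems[ident] = missing
    return problems

# Constructed sample data: placeholder key authorizations, not real ACME values.
KEYAUTH = {"domain.tld": "token-A.thumbprint", "*.domain.tld": "token-B.thumbprint"}
EXPECTED = {ident: [txt_value(ka)] for ident, ka in KEYAUTH.items()}
ZONE = {
    ("domain.tld", "TXT"): ["v=spf1 -all"],
    ("_acme-challenge.domain.tld", "TXT"): [
        EXPECTED["domain.tld"][0],
        EXPECTED["*.domain.tld"][0],
    ],
}

if __name__ == "__main__":
    print(lookup(ZONE, "domain.tld"))                    # apex: SPF only
    print(lookup(ZONE, challenge_name("*.domain.tld")))  # both challenge values
    print(preflight(ZONE, list(KEYAUTH), EXPECTED))      # nothing missing
```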
