My domain shows two TXT-Records at _acme-challenge.MYDOMAIN

Website, Application, Performance
1

Hi,.
I have the same problem as this old tickets:
https://community.cloudflare.com/t/my-domain-shows-two-txt-records-at-acme-challenge-domain/
https://community.cloudflare.com/t/txt-record-spf-not-working/

I didn’t found a way to solve it.

Can someone assist?
@cf-scott

Thank you!

3

How to remove those phantom TXT address? I could see that in many of my domains in CF

4

I just checked that domains from another account that I have (old) doesn’t have the same simptom. So Why all my domains have those phantom TXT acme-challenge? Thank you again.

5

Hi @usergh,

Do you have a ticket opened or some domains you can demonstrate the issue with?

Thank you.

6

Hi,
Thank you @oshariff for the reply.
I guess all my domains are with the same symptom.
One is ilad.ngo:

dig +short txt _acme-challenge.pioneerbibles.org @1.1.1.1  
"YH_PS5hNr3Co2o_T9-kVuDHJ5LGouYXWUlQkmsY043Y"
"bua2MJgmB4z_sXVxpVlk8GhMBVXKvDluEsr-k0--4HQ"

dig +short txt _acme-challenge.pioneerbible.org @1.1.1.1  
"ITCkewK93AsIEslV3ACVdUKcEWmQJ2A1Lp7jDUuzkU8"
"qkw_r6wPOhQ7QBYH-7QwcJqcvYOiwy3iWwwzTUxd7Jk"

Thank you again.

Summary

Can I add other domains here and they will be hidden to the public?

7

Hi there,

Those records are created automatically by Universal certificate for certificate issuance/renewal and do not interfere with any other records you might want to create.
If you want them gone forever, you can disable Universal SSL at your dashboard as long as you have another type of certificate, or you don’t have the need for certificate as is the case with this zone where every DNS record is set to DNS only.

Screenshot 2024-02-29 at 11.54.28
Screenshot 2024-02-29 at 11.54.282080×500 54.8 KB

Take care.

8

My problem is that ACME.sh script are not working for that reasons:

[Thu Feb 29 06:05:57 CST 2024] Let's wait 10 seconds and check again.
[Thu Feb 29 06:06:08 CST 2024] You can use '--dnssleep' to disable public dns checks.
[Thu Feb 29 06:06:08 CST 2024] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Thu Feb 29 06:06:08 CST 2024] Checking DOMAIN for _acme-challenge.DOMAIN
[Thu Feb 29 06:06:09 CST 2024] Not valid yet, let's wait 10 seconds and check next one.

and the record is already there.

Thank you for your help.

9

FYI.
I added 12 domains yesterday. All of them have problems with this, where the solution was just disable, wait, enable.
So, you guys clear have a bug in this, as there are so many others complain about this in the internet.
I hope that this helps by some way.
thank you.

1 Like
10

Hey there @usergh

Thanks for bringing this to our attention, and for the feedback - as @mcorreia provided, _acme-challenge is used to activate your Universal SSL certificates. within Cloudflare. If external services require this same TXT record to be placed, you will need to disable Universal SSL while your external service activates/verifies.

Thanks