We have hide.expert dns zone on CF and we have 58 A records
pointing to servers (2 record for one ip).
We need to have a SAN certificate from Letsencrypt, which
contains all of our server names.
Few months ago we issue initial certificate with DNS
checking (dns-cloudflare plugin for certbot).
Everything was fine. After that we renew our certificate
at least one time. Also successful.
But now we cant do it, because of CAA checking error.
Cant attach log here. Dont see such option.
It works for something about 40 names in certificate,
but with more amount will generate an error.
As I see there is some kind of protect DNS.
LE sending dns verification requests and after some
amount CF treated it as DoS attack or something like this.
Is it correct? If yes, what are rate limits for such situation
and is there any solution?
Also my post on LE community forum: