Hello,
I’ve been facing an issue where some of my domains are failing during the SSL renewal process (running from cron). The error message clearly points to a missing TXT record for the _acme-challenge entry:
Error: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.cu****troliza.ro
Detail: check that a DNS record exists for this domain
I assumed that since I am using the Cloudflare DNS API, the ACME client should automatically push the challenge TXT record during the renewal process. However, this doesn’t seem to be happening.
0 2 * * * /usr/bin/certbot renew --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cf.ini --quiet
But the log shows validation still failing with status: invalid.
Questions:
Does certbot always auto-create the TXT challenge via the DNS API, or do we need extra hooks?
Could Cloudflare API token permissions cause this problem?
Is it safer to test renewals with --dry-run before production?
As a side note, I was testing some automation scripts where results were being fetched from an external source (similar to how I parse lottery data from [this page]). That script works perfectly with cron, so I’m wondering why certbot + Cloudflare DNS API isn’t acting the same way.
Any advice or code adjustments for the Cloudflare hook would be really helpful.
Thanks in advance!
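As an added example (not part of the original post, and not certbot's or Cloudflare's own code), the script below performs the offline preflight a practitioner would run before trusting the cron job: it parses a certbot renewal config to see which authenticator and credentials path are actually stored for the certificate, checks that the cf.ini file is root-only and holds either a dns_cloudflare_api_token or the legacy email plus api_key pair, and triages renewal error lines of the "DNS problem: NXDOMAIN looking up TXT for _acme-challenge..." shape into (domain, rcode) pairs. All file contents are constructed samples; the paths and the example.ro domain are assumptions. Whether the API token carries the Zone:DNS:Edit permission cannot be verified offline, so the script only notes it.

```python
#!/usr/bin/env python3
"""Preflight checks for a certbot + dns-cloudflare renewal run (added example)."""
import os
import re
import stat
import tempfile

# Constructed sample of /etc/letsencrypt/renewal/<name>.conf; all paths are assumptions.
SAMPLE_RENEWAL_CONF = """\
# renew_before_expiry = 30 days
version = 2.9.0
archive_dir = /etc/letsencrypt/archive/example.ro
cert = /etc/letsencrypt/live/example.ro/cert.pem
[renewalparams]
account = 0123456789abcdef
authenticator = webroot
webroot_path = /var/www/html
server = https://acme-v02.api.letsencrypt.org/directory
"""

# Constructed sample error lines in the shape Let's Encrypt reports DNS-01 failures.
SAMPLE_LOG = """\
Domain: example.ro
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.ro - check that a DNS record exists for this domain
Domain: www.example.ro
Type: dns
Detail: DNS problem: SERVFAIL looking up TXT for _acme-challenge.www.example.ro
"""

DNS_ERR = re.compile(
    r"DNS problem: (?P<rcode>[A-Z]+) looking up TXT for _acme-challenge\.(?P<domain>[A-Za-z0-9.-]+)"
)


def parse_renewal_conf(text):
    """Return {section: {key: value}}; keys above the first [section] land in section ''."""
    sections = {"": {}}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections


def check_renewal_conf(conf):
    """Findings that explain why no TXT record would be placed for this certificate."""
    problems = []
    params = conf.get("renewalparams", {})
    auth = params.get("authenticator")
    if auth != "dns-cloudflare":
        problems.append(f"stored authenticator is {auth!r}, not dns-cloudflare; confirm with --dry-run")
    if "dns_cloudflare_credentials" not in params:
        problems.append("no dns_cloudflare_credentials path stored in the renewal config")
    return problems


def check_credentials(path):
    """Check cf.ini: owner-only permissions and a token or email+api_key pair present."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path} mode {mode:o} is group/world accessible; use 0600")
    with open(path) as fh:
        keys = {line.split("=", 1)[0].strip() for line in fh if "=" in line}
    if "dns_cloudflare_api_token" not in keys and not {"dns_cloudflare_email", "dns_cloudflare_api_key"} <= keys:
        problems.append("credentials file has neither dns_cloudflare_api_token nor email+api_key")
    # Token scope (Zone:DNS:Edit for the zone) cannot be checked offline; verify it in the Cloudflare dashboard.
    return problems


def triage_log(text):
    """Return [(domain, rcode)] for every DNS-01 lookup failure found in the log text."""
    return [(m.group("domain"), m.group("rcode")) for m in DNS_ERR.finditer(text)]


def demo():
    """Run every check against the constructed samples and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        cred = os.path.join(tmp, "cf.ini")  # stands in for /root/.secrets/cf.ini
        with open(cred, "w") as fh:
            fh.write("dns_cloudflare_api_token = 0123456789abcdef\n")  # constructed dummy token
        os.chmod(cred, 0o644)  # deliberately too open
        loose = check_credentials(cred)
        os.chmod(cred, 0o600)
        tight = check_credentials(cred)
    return {
        "conf": check_renewal_conf(parse_renewal_conf(SAMPLE_RENEWAL_CONF)),
        "cred_loose": loose,
        "cred_tight": tight,
        "log": triage_log(SAMPLE_LOG),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings)
```

Against a real host, point parse_renewal_conf at the file under /etc/letsencrypt/renewal/ and check_credentials at the path your cron line passes, then run certbot renew --dry-run and feed its output to triage_log; a stored authenticator other than dns-cloudflare, or a credentials file that is missing or world-readable, is the usual reason the TXT record never appears.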