Closed TheLinuxGuy closed 5 months ago
I am not sure about the root cause of the multiple TXT entries for a single binary run, but wanted to add that DNS on synology was being painful for cloudflare.
I was finally able to get this working at generating certs by passing this option in the env file:
LEGO_OPTIONS=(--dns.resolvers "1.1.1.1")
Is 192.168.20.1:53 a local DNS resolver cache, like dnsmasq? If so, then it probably cached the first NXDOMAIN response (negative caching) and keeps returning that without forwarding.
By setting --dns.resolvers you are bypassing your local cache, and the recursive queries to 1.1.1.1 will at first receive NXDOMAIN but eventually resolve the _acme-challenge TXT.
If you use dnsmasq, it has a no-negcache flag, but I can't know if that is appropriate for your setup.
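To make the negative-caching explanation concrete, here is an added simulation (not code from lego, dnsmasq or anyone in this thread). It models an authoritative zone, a LAN forwarder that caches NXDOMAIN for the zone's negative TTL (RFC 2308), and a propagation poller like the one a DNS-01 client runs. All names, TTLs and the "token-abc" value are constructed; the point is to show why the check times out through the forwarder, succeeds when the forwarder is bypassed (the effect of --dns.resolvers), and succeeds through the forwarder only once the cached NXDOMAIN expires or negative caching is disabled (dnsmasq's no-negcache).

```python
"""Simulation of DNS negative caching and a DNS-01 propagation check.

Constructed example: the zone, forwarder and clock are in-memory models,
not real DNS traffic. Names, TTLs and token values are made up.
"""

NXDOMAIN = "NXDOMAIN"
NOERROR = "NOERROR"


class FakeClock:
    """Deterministic clock so the poller's sleeps advance simulated time."""
    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def sleep(self, seconds):
        self.t += seconds


class AuthoritativeZone:
    """Stand-in for the provider's authoritative DNS (e.g. Cloudflare)."""
    def __init__(self, neg_ttl=300):
        self.records = {}        # (name, rtype) -> list of values
        self.neg_ttl = neg_ttl   # SOA MINIMUM, used as the negative-caching TTL

    def publish_txt(self, name, value):
        self.records.setdefault((name, "TXT"), []).append(value)

    def query(self, name, rtype):
        """Return (rcode, values, ttl) as an authoritative server would."""
        vals = self.records.get((name, rtype))
        if not vals:
            return NXDOMAIN, [], self.neg_ttl
        return NOERROR, list(vals), 60


class DirectResolver:
    """Queries the authoritative zone directly, bypassing any LAN cache."""
    def __init__(self, zone):
        self.zone = zone

    def query(self, name, rtype):
        rcode, values, _ttl = self.zone.query(name, rtype)
        return rcode, values


class CachingForwarder:
    """Models a LAN resolver (dnsmasq-style) that may cache negative answers."""
    def __init__(self, upstream, clock, negcache=True):
        self.upstream = upstream
        self.clock = clock
        self.negcache = negcache
        self.cache = {}  # (name, rtype) -> (rcode, values, expires_at)

    def query(self, name, rtype):
        key = (name, rtype)
        hit = self.cache.get(key)
        if hit and hit[2] > self.clock.now():
            return hit[0], hit[1]            # served from cache, upstream not asked
        rcode, values, ttl = self.upstream.query(name, rtype)
        if rcode == NOERROR or self.negcache:
            self.cache[key] = (rcode, values, self.clock.now() + ttl)
        return rcode, values


def wait_for_txt(resolver, name, expected, clock, timeout=120, interval=10):
    """Poll until `expected` is visible in the TXT answer; return (ok, elapsed)."""
    start = clock.now()
    while True:
        rcode, values = resolver.query(name, "TXT")
        if rcode == NOERROR and expected in values:
            return True, clock.now() - start
        if clock.now() - start >= timeout:
            return False, clock.now() - start
        clock.sleep(interval)


def run_scenario(negcache, timeout=120):
    """Prime the forwarder before the record exists, publish it, then poll both ways."""
    clock = FakeClock()
    zone = AuthoritativeZone(neg_ttl=300)
    lan = CachingForwarder(zone, clock, negcache=negcache)
    name = "_acme-challenge.example.com."   # constructed name
    lan.query(name, "TXT")                  # a lookup before publishing primes the negative cache
    zone.publish_txt(name, "token-abc")     # constructed challenge value
    via_forwarder = wait_for_txt(lan, name, "token-abc", clock, timeout=timeout)
    direct = wait_for_txt(DirectResolver(zone), name, "token-abc", clock, timeout=timeout)
    return {"via_forwarder": via_forwarder, "direct": direct}


if __name__ == "__main__":
    print("negcache on :", run_scenario(negcache=True))
    print("negcache off:", run_scenario(negcache=False))
    print("long timeout:", run_scenario(negcache=True, timeout=600))
```

With negative caching on and a 120 s poll window, the forwarder keeps answering NXDOMAIN from cache and the check fails, while the direct query succeeds immediately; only a wait longer than the 300 s negative TTL, or disabling negative caching, lets the forwarder path succeed.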
Is 192.168.20.1:53 a local DNS resolver cache, like dnsmasq? If so, then it probably cached the first NXDOMAIN response (negative caching) and keeps returning that without forwarding.
Yes, it's a firewalla.com router device. Bypassing the DNS resolver from DHCP allowed the script to run and I guess "resolved" the issue - although it's weird that 2 API calls to Cloudflare to create 2 distinct TXT records were executed in a single run.
I don't think there is much value in debugging further as I seem to be an edge-case. Going to close this - thanks!
Hi, thank you for your script. I am trying to use Cloudflare with DNS API key and it is failing at "DNS record propagation" timeout.
Checking my cloudflare control panel shows two (2) TXT _acme-challenge entries with different values. This seems like a bug. The TXT entry is deleted after the failure above; if I re-run your script the same behavior is observed: two (2) TXT entries with different values are created at cloudflare. There is no debug indicator to tell me which string is the valid one, but also I don't think the second entry should exist in the first place.