Let's Encrypt Container Help

I am trying to get the Let's Encrypt container working with my domain and using Cloudflare DDNS. I got it working with DuckDNS, since I was trying all day with Cloudflare and DuckDNS came up first try, but Cloudflare keeps giving me the following error with my subdomains. When I check the DNS it is pointing to my server, so it seems like a Cloudflare issue. Someone mentioned I could change the wait time from 10 secs to 30 or 40 secs and that might help, but I'm not sure how to do that.

Domain: thedavidson.net
Type: dns
Detail: DNS problem: SERVFAIL looking up TXT for
_acme-challenge.thedavidson.net - the domain’s nameservers may be
malfunctioning

Also note that it’s Google Cloud, not Google Domains, that’s supported.

Are you sure you’re using the global API key?

Cloudflare changes usually propagate almost instantly. You can verify on https://dnschecker.org

You can also test by refreshing the Cloudflare dashboard while the validation is happening to see if the TXT records are really being created.

I also recommend using the STAGING=true option while you’re testing and removing it after you get it to work, to prevent getting throttled by Let's Encrypt.

Thanks, I will retest with STAGING vs Production. Just not sure why Cloudflare is so hard to set up. I am using the API Token vs the Global API. Cloudflare is set up with Grey, so no Proxy setup. I have an A record pointing to the main domain that points to my Docker Server at the house, with CNAMEs for the subdomains. The only crazy thing with this domain is that it is set up for Google Apps email, but only the MX records point to Google.

Is there a way to tell the container to wait 30 secs vs 10?

My registrar is Google, so I will move my DNS back to them and use their DDNS and try it with HTTP vs DNS validation. I will just wait until the domain finishes propagating.

You have to use the global API key, not a token.

Thanks for the info, I thought I read it would work with a Zone:Read DNS:Edit token.

Just an update: I switched my DNS to point to my registrar, Google, and used their DDNS vs going through Cloudflare. I changed to HTTP since this container does not use DNS validation with Google Domains, and I got it working. Thanks for the help in trying to get this working with Cloudflare, but Google Domains seemed to work out better, and since that is my registrar, why have another DNS provider?

Glad to hear it worked, but if you ever need wildcard certs, DNS validation via Cloudflare would be the recommended route. Just make sure you use the global API key next time :wink: