I’m using cloudflare for DNS validation in SWAG and I found that the default propagation time to get Letsencrypt certificates short (10 seconds). The acme test actually failed and I didn’t get my certificate.
I see that you can manually add “–dns-cloudflare-propagation-seconds” to the certbot command, and when I set it to 30 (seconds), that worked just fine. But that’s when I did it manually inside the container… not a user friendly solution.
This is only actually a problem when you request the first certificate, so it would be great to change the default to 30 seconds when using Cloudflare DNS verification in the SWAG container (if this is at all possible?).
The default 10 seconds was working for me in the past until I noticed now that my backend servers weren’t accessible because the cert auto-renewals were failing due to the same issue. I changed the propagation timeout to 60 seconds, recreated the container, and for some reason it did not try to renew the existing cert but requested for a new one instead. Is this normal?
Honestly, 10sec has NEVER worked for me with cloudflare (and quite a few others I’ve helped).
Usually when I help someone set up swag/cloudflare, I just automatically recommend setting the propagation env variable to 30, as that generally seems to work fine.
I too never had a problem with Cloudflare, until just recently. I had to make a new certificate and the 10 seconds just weren’t enough.
Maybe Cloudflare changed something with their API regarding timing?
Changing to 30 seconds works fine.