Hi
I’m trying to switch over to Cloudflare with Let’s Encrypt and DNS verification.
I’ve disabled DuckDNS and configured Let’s Encrypt according to the documentation.
When starting Let’s Encrypt, I can see the TXT record getting added to my DNS config and removed after a few minutes; however, I’m getting this error in the log:
```
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[11:57:21] INFO: Selected DNS Provider: dns-cloudflare
[11:57:21] INFO: Use propagation seconds: 60
[11:57:22] INFO: Use CloudFlare token
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for ha.REDACHTED.com
Waiting 60 seconds for DNS changes to propagate
Certbot failed to authenticate some domains (authenticator: dns-cloudflare). The Certificate Authority reported these problems:
  Domain: ha.REDACTED.com
  Type: dns
  Detail: DNS problem: looking up TXT for _acme-challenge.ha.REDACTED.com: DNSSEC: DNSKEY Missing
Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-cloudflare. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-cloudflare-propagation-seconds (currently 60 seconds).
```
I don’t know what I’m doing wrong here, as I can’t seem to find what the root cause actually is…
Can anybody point me to something?