Cloudflare DNS record propagation does not work

I had Caddy working for months and recently rebooted the container running Caddy, updated Caddy while I was at it (to version 1.0.0), and now I get endlessly stuck at renewing Cloudflare certificates.

I keep getting this in the logs (changed out URLs and scrambled IDs). I didn’t change my Caddyfile at all nor did I mess around with any Cloudflare settings whatsoever, and it worked flawlessly for weeks - any idea what is going on?

2019/05/06 01:56:58 [INFO] [wiki.my.url] acme: Trying renewal with 671 hours remaining
2019/05/06 01:56:58 [INFO] [wiki.my.url] acme: Obtaining bundled SAN certificate
2019/05/06 01:56:58 [INFO] [wiki.my.url] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/Kfosf8493egj32gjgh3gfhw3iojf23of892y
2019/05/06 01:56:58 [INFO] [wiki.my.url] acme: Could not find solver for: tls-alpn-01
2019/05/06 01:56:58 [INFO] [wiki.my.url] acme: Could not find solver for: http-01
2019/05/06 01:56:58 [INFO] [wiki.my.url] acme: use dns-01 solver
2019/05/06 01:56:58 [INFO] [wiki.my.url] acme: Preparing to solve DNS-01
2019/05/06 01:56:58 [INFO] cloudflare: new record for wiki.my.url, ID 411crj239iufh3289fuhffh32f8u2hf
2019/05/06 01:56:58 [INFO] [wiki.my.url] acme: Trying to solve DNS-01
2019/05/06 01:56:58 [INFO] [wiki.my.url] acme: Checking DNS record propagation using [192.168.1.23:53]
2019/05/06 01:56:58 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2019/05/06 01:56:58 [INFO] [wiki.my.url] acme: Waiting for DNS record propagation.
2019/05/06 01:57:00 [INFO] [wiki.my.url] acme: Waiting for DNS record propagation.
2019/05/06 01:57:02 [INFO] [wiki.my.url] acme: Waiting for DNS record propagation.
2019/05/06 01:57:04 [INFO] [wiki.my.url] acme: Waiting for DNS record propagation.
2019/05/06 01:57:06 [INFO] [wiki.my.url] acme: Waiting for DNS record propagation.
2019/05/06 01:57:08 [INFO] [wiki.my.url] acme: Waiting for DNS record propagation.
2019/05/06 01:57:10 [INFO] [wiki.my.url] acme: Waiting for DNS record propagation.

And this will go on and on and it will never actually complete the challenge and start working… any ideas?


The default polling interval for Cloudflare is 2 seconds, which is why you’re seeing that message so often. lego/cloudflare.go at 5bf36f544a78ed71c1bb58b7728914604b5a6df5 · go-acme/lego · GitHub

It appears that Cloudflare is slow at updating its DNS records or you have a local DNS server interfering. :confused:


It’s not a problem if it takes some time to complete, so long as it actually works in the end, but the problem is that it doesn’t complete it anymore and after a while it just repeats and repeats without actually completing.

How can I make it work again? My Caddyfile looks like this (roughly):

my.own.url {
	proxy / 192.168.1.123:5678 {
		websocket
		transparent
	}
	tls {
		dns cloudflare
	}
}

It always worked fine in the last few months, I don’t know what changed…

EDIT: it just went through after 10 minutes. I think it just takes a long time. So I’ll mark this as solved for now, with the caveat being that you need to be more patient than in the past to have the certs renewed. Thanks for the help @matt

Hm, weird. I used Cloudflare just this morning to renew a certificate successfully. Do you run a local DNS server?

I do run a Pihole server (with cloudflared to use DNS over HTTPS), so maybe that’s what caused it to be so much slower than it was before?

Yes, probably. Try disabling it just for a few minutes and retry; see if the problem persists.
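
An added example, not part of the thread and not Caddy's or lego's own code: a small Go parser for log lines in the format quoted above that reports which resolver the DNS-01 propagation check queried, flags private or loopback resolvers (such as a Pi-hole), and counts the polls logged against the timeout. The names `Report`, `Analyze` and `sampleLog` are hypothetical, and the sample log is constructed from the lines in the first post.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
	"time"
)

// Constructed sample, in the format of the lego log lines quoted in the thread.
const sampleLog = `2019/05/06 01:56:58 [INFO] [wiki.my.url] acme: Checking DNS record propagation using [192.168.1.23:53]
2019/05/06 01:56:58 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2019/05/06 01:56:58 [INFO] [wiki.my.url] acme: Waiting for DNS record propagation.
2019/05/06 01:57:00 [INFO] [wiki.my.url] acme: Waiting for DNS record propagation.`

var usingRe = regexp.MustCompile(`propagation using \[([^\]]*)\]`)
var waitRe = regexp.MustCompile(`\[timeout: ([^,]+), interval: ([^\]]+)\]`)

type Report struct { // hypothetical summary type for this example
	Resolvers         []string      // host:port pairs the check queried
	Local             bool          // a resolver is private or loopback (Pi-hole, router, stub)
	Timeout, Interval time.Duration // values logged for the propagation wait
	Polls             int           // number of "Waiting for DNS record propagation" lines
}

// Analyze extracts which resolvers the propagation check used and how often it polled.
func Analyze(log string) Report {
	var r Report
	for _, line := range strings.Split(log, "\n") {
		if m := usingRe.FindStringSubmatch(line); m != nil {
			r.Resolvers = strings.Fields(m[1]) // several resolvers are space-separated
			for _, hp := range r.Resolvers {
				host, _, _ := net.SplitHostPort(hp)
				ip := net.ParseIP(host)
				r.Local = r.Local || (ip != nil && (ip.IsPrivate() || ip.IsLoopback()))
			}
		} else if m := waitRe.FindStringSubmatch(line); m != nil {
			r.Timeout, _ = time.ParseDuration(m[1])
			r.Interval, _ = time.ParseDuration(m[2])
		} else if strings.Contains(line, "Waiting for DNS record propagation") {
			r.Polls++
		}
	}
	return r
}

func main() {
	fmt.Printf("%+v\n", Analyze(sampleLog))
}
```

When `Local` is true, the propagation check reflects what the local resolver returns for the challenge record, so a slow or caching resolver on the LAN delays the challenge even if Cloudflare has already published it.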
