From the Cloudflare dashboard, it appears that Caddy is trying to obtain 2 certificates, creating 2 TXT records: for *.example.com and example.com. I know that it is possible to generate a single certificate for wildcard and root domains, but I’m not sure if Caddy supports this and if my Caddyfile is even correct, given that I’m getting "resolving: waiting for resolver certmagic.solverWrapper to be ready: timed out waiting for full record propagation". But Caddy still obtained the certificate for the root domain; the wildcard domains are still unavailable.
It may be just one certificate. Typically a wildcard certificate has 2 names, example.com and *.example.com, that might each have their own TXT record _acme-challenge.example.com.
Caddy doesn’t do multi-SAN certificates. All of Caddy’s certificates are single SAN.
It seems Caddy doesn’t see the record after setting it. Caddy checks for the presence of the TXT record for the DNS challenge before asking the CA to check it. Typically Caddy checks DNS for the TXT record immediately after setting it, and the default timeout is 2 minutes. You can configure that behavior using propagation_timeout and propagation_delay. You can also set propagation_delay to -1 to tell Caddy not to check for propagation.
The DNS challenge is mandatory for wildcard certificates. For non-wildcard, there are other challenges that don’t require Caddy to manipulate DNS, i.e. HTTP and ALPN challenges. That’s why the cert for the root domain is available but the wildcard cert failed.
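A Caddyfile sketch of the settings discussed in this thread, added here as an illustration and not taken from any poster's configuration. It assumes a Caddy build that includes the Cloudflare DNS provider module; the `CF_API_TOKEN` variable name, the `resolvers` line, and the `30s`/`5m` values are assumptions chosen for the example.

```caddyfile
# Constructed example: example.com and CF_API_TOKEN are placeholders.
# Caddy issues two single-name certificates for this site block,
# one for *.example.com and one for example.com.
*.example.com, example.com {
	tls {
		# Solve the DNS challenge through the Cloudflare API.
		# The wildcard name can only be validated this way.
		dns cloudflare {env.CF_API_TOKEN}

		# Resolver used for the propagation check (assumed value),
		# so a stale local cache does not hide the new TXT record.
		resolvers 1.1.1.1

		# Wait this long after creating the TXT record before the
		# first propagation lookup (assumed value).
		propagation_delay 30s

		# Keep checking for the TXT record this long before failing
		# with "timed out waiting for full record propagation".
		# The thread gives the default as 2 minutes (assumed value here).
		propagation_timeout 5m
	}

	respond "ok"
}
```

Scope the API token to DNS edits on the one zone and pass it through the environment rather than writing it into the Caddyfile.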