[GH-ISSUE #1193] Certificate renewal through Cloudflare stopped working. #2453

Closed
opened 2026-02-27 12:22:33 +03:00 by kerem · 0 comments
Owner

Originally created by @mosaati on GitHub (Jun 30, 2025).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/1193

Describe the bug
I don't know when this started, but certificate renewal stopped working. I had it previously running using Cloudflare DNS verification, and it was working fine. Now it just spams "Waiting for DNS record propagation".

and then the error: obtain cert error: error: one or more domains had a problem: [*.xx.xx] propagation: time limit exceeded: last error: authoritative nameservers: NS lou.ns.cloudflare.com.:53 did not return the expected TXT record.

Interestingly:
2 TXT records are created on Cloudflare, however there is a note on the records "The content field of TXT records must be in quotation marks. Cloudflare may add quotation marks on your behalf, which will not affect how the record works."

The error also reads other TXT SPF records which are named the same as my domain as found instead of the named _acme-challenge TXT that were created.

To Reproduce
Steps to reproduce the behavior:

  1. add 1.1.1.1:53 DNS propagation
  2. create ACME user
  3. add Cloudflare DNS API credentials
  4. Try to create wildcard certificate.

Expected behavior
Issue or renew as expected.

Info (please complete the following information):

  • Server OS: [Ubuntu 24.10]
  • Server Arch: [x86,]
  • Nginx UI Version: [v2.1.9]
  • Your Browser: [Brave]

Additional context
No other changes were observed except that I upgraded the version.

Please let me know if there is a way to revert to an older version to test.
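
A check for the symptoms reported above, as an added example that is not part of the original issue or of nginx-ui's code: it derives the `_acme-challenge` owner name and TXT value as RFC 8555 defines them for DNS-01 and classifies the TXT answers one nameserver returned. The domain, key authorization and answer records are constructed, and `diagnose` with its result labels is a hypothetical helper.

```python
import base64
import hashlib

def challenge_name(domain):
    """DNS-01 owner name; a wildcard is validated at its base domain."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.rstrip(".").lower() + "."

def expected_txt(key_authorization):
    """RFC 8555 section 8.4: unpadded base64url of SHA-256(key authorization)."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def unquote(rdata):
    """Presentation-format TXT rdata ('"ab" "cd"') to its raw value ('abcd')."""
    rdata = rdata.strip()
    if not rdata.startswith('"'):
        return rdata
    # Odd-indexed pieces are the quoted character-strings. Escaped quotes are
    # not handled; base64url challenge values never contain any.
    return "".join(rdata.split('"')[1::2])

def diagnose(domain, key_authorization, answers):
    """Classify (owner_name, rdata) TXT pairs returned by one nameserver."""
    name = challenge_name(domain)
    want = expected_txt(key_authorization)
    at_name = [unquote(r) for n, r in answers
               if n.rstrip(".").lower() + "." == name]
    if want in at_name:
        return "ok"                    # quoting alone does not break the match
    if at_name:
        return "stale-or-wrong-value"  # leftover records from earlier attempts
    if answers:
        return "wrong-owner-name"      # e.g. apex SPF records were returned
    return "no-txt-records"

# Constructed sample data, not taken from the issue.
DOMAIN = "*.example.test"
KEY_AUTH = "constructed-token.constructed-account-thumbprint"
APEX_ONLY = [("example.test.", '"v=spf1 -all"')]
PUBLISHED = [("_acme-challenge.example.test.", '"%s"' % expected_txt(KEY_AUTH)),
             ("_acme-challenge.example.test.", '"value-from-an-earlier-attempt"')]

if __name__ == "__main__":
    print(challenge_name(DOMAIN), expected_txt(KEY_AUTH))
    print("apex answers:", diagnose(DOMAIN, KEY_AUTH, APEX_ONLY))
    print("published   :", diagnose(DOMAIN, KEY_AUTH, PUBLISHED))
```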

kerem 2026-02-27 12:22:33 +03:00
  • closed this issue
  • added the bug label