[GH-ISSUE #1193] Certificate renewal through Cloudflare stopped working. #3751

Closed
opened 2026-02-28 11:57:33 +03:00 by kerem · 12 comments

Originally created by @mosaati on GitHub (Jun 30, 2025).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/1193

Describe the bug
I don't know when this has started. But certificate renewal stopped working. I had it previously running using Cloudflare DNS verification, and it was working fine. Now it just spams "Waiting for DNS record propagation".

and then the error: obtain cert error: error: one or more domains had a problem: [*.xx.xx] propagation: time limit exceeded: last error: authoritative nameservers: NS lou.ns.cloudflare.com.:53 did not return the expected TXT record.

Interestingly:
2 TXT records are created on Cloudflare, however there is a note on the records "The content field of TXT records must be in quotation marks. Cloudflare may add quotation marks on your behalf, which will not affect how the record works."

The error also reads other TXT spf records which are named the same as my domain as found instead of the named _acme-challenge TXT that were created.

To Reproduce
Steps to reproduce the behavior:

  1. add 1.1.1.1:53 DNS propagation
  2. create ACME user
  3. add Cloudflare DNS API credentials
  4. Try to create wildcard certificate.

Expected behavior
Issue or renew as expected.

Info (please complete the following information):

  • Server OS: [Ubuntu 24.10]
  • Server Arch: [x86,]
  • Nginx UI Version: [v2.1.9]
  • Your Browser: [Brave]

Additional context
No other changes were observed except that I upgraded the version.

Please let me know if there is a way to revert to an older version to test.

kerem 2026-02-28 11:57:33 +03:00
  • closed this issue
  • added the bug label

@0xJacky commented on GitHub (Jun 30, 2025):

It seems to be caused by the DNS cache. You can try again at a different time to see if the renewal can be successful. Currently, it is functioning properly here with me.


@mosaati commented on GitHub (Jun 30, 2025):

The error is persisting for almost a week now. I'm not sure why.

I will do some debugging and report back.

Thank you for your time.


@0xJacky commented on GitHub (Jun 30, 2025):

You can try to use another DNS server like 8.8.8.8:53


@mosaati commented on GitHub (Jun 30, 2025):

Sure. Will try. Thanks.


@mosaati commented on GitHub (Jul 10, 2025):

I just wanted to add that I had tried everything and nothing worked. I tried using DNS challenge in other tools and they worked as expected. Not sure where the problem is.


@mosaati commented on GitHub (Jul 10, 2025):

I was able to issue a certificate by editing the text records as soon as they were created and adding quotes at the beginning and end of each record.
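
An offline check related to the workaround above, added here as an example and not taken from nginx-ui or its ACME library: it computes the DNS-01 TXT value defined in RFC 8555 and reports, for each record's stored content, whether it is wrapped in quotation marks and whether it matches the expected value once unquoted. The key authorization and record contents are constructed samples, and `ChallengeTXT` and `ParseTXTContent` are hypothetical names.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// ChallengeTXT returns the DNS-01 TXT value from RFC 8555 section 8.4:
// unpadded base64url of SHA-256 over the key authorization.
func ChallengeTXT(keyAuth string) string {
	sum := sha256.Sum256([]byte(keyAuth))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// ParseTXTContent decodes a stored content field (one or more character-strings)
// and reports whether it was written in properly closed quotation marks.
func ParseTXTContent(content string) (value string, quoted bool) {
	content = strings.TrimSpace(content)
	if !strings.HasPrefix(content, `"`) {
		return content, false
	}
	var b strings.Builder
	inQuote := false
	for i := 0; i < len(content); i++ {
		switch c := content[i]; {
		case c == '\\' && inQuote && i+1 < len(content):
			i++ // escaped character inside a quoted string
			b.WriteByte(content[i])
		case c == '"':
			inQuote = !inQuote
		case inQuote:
			b.WriteByte(c)
		}
	}
	return b.String(), !inQuote
}

func main() {
	// Constructed sample data: placeholder key authorization and record contents.
	want := ChallengeTXT("constructed-token.constructed-thumbprint")
	for _, c := range []string{want, `"` + want + `"`, `"v=spf1 -all"`} {
		v, q := ParseTXTContent(c)
		fmt.Printf("quoted=%-5t match=%-5t %s\n", q, v == want, c)
	}
}
```

Records that print `quoted=false` are the ones Cloudflare's dashboard note refers to; the SPF line shows a same-zone TXT record that is correctly quoted but is not the challenge value.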


@0xJacky commented on GitHub (Jul 10, 2025):

OK, I know the problem. Thanks for your debug!


@mosaati commented on GitHub (Jul 10, 2025):

Just to add, bug #1219 happened to me as well and had to delete them all. The text records keep creating to renew but never confirmed. I guess adding the quotes while testing fixed the issue for now but will happen again when it is time to renew.


@0xJacky commented on GitHub (Jul 10, 2025):

Yes, I have noticed that.


@0xJacky commented on GitHub (Jul 19, 2025):

You can update to the dev version. This issue should have been fixed.


@mosaati commented on GitHub (Jul 20, 2025):

Tried the dev release and renewed right away. Thank you.

Just a minor note. Dev version is v2.1.13 (ddd538b5). When I switch the channel to stable the version is v2.1.12 but the page still says New version released and to upgrade to it. Not sure if I should create a bug.


@0xJacky commented on GitHub (Jul 20, 2025):

> Tried the dev release and renewed right away. Thank you.
>
> Just a minor note. Dev version is v2.1.13 (ddd538b5). When I switch the channel to stable the version is v2.1.12 but the page still says New version released and to upgrade to it. Not sure if I should create a bug.

This is normal and there's no need to pay attention to it.
