lego: Time Limit Exceeded with CloudFlare DNS

Hi,

I’m trying to use a DNS challenge with CloudFlare, but am getting: Time limit exceeded. Last error: NS laura.ns.cloudflare.com. did not return the expected TXT record

However, if I use dig to get the relevant TXT entry, it works (in real life I’m using the correct domain, not myhost.mydomain.com):

> dig _acme-challenge.myhost.mydomain.com txt @laura.ns.cloudflare.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> _acme-challenge.myhost.mydomain.com txt @laura.ns.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27257
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_acme-challenge.myhost.mydomain.com. IN	TXT

;; ANSWER SECTION:
_acme-challenge.myhost.mydomain.com. 120 IN	TXT	"<redacted>"

;; Query time: 368 msec
;; SERVER: 173.245.58.183#53(173.245.58.183)
;; WHEN: Thu Sep 21 13:49:17 IDT 2017
;; MSG SIZE  rcvd: 116

My Caddy version:

> caddy -version
Caddy 0.10.9

What am I missing? Thanks!

About this issue

  • State: closed
  • Created 7 years ago
  • Reactions: 1
  • Comments: 38 (10 by maintainers)

Most upvoted comments

Ok, here’s what I did:

  1. Upgraded to 17.10
  2. Removed deprecated resolvconf package
  3. The upgrade overrides the symlink, so I changed it from /run/systemd/resolve/stub-resolv.conf (which contains only the evil 127.0.0.53) to /run/systemd/resolve/resolv.conf (which only contains the correct DNS server, without the evil local one).

Great success!!!

@xenolf, OnFreund’s logs show [10.10.1.1:53, 127.0.0.53:53] for the propagation check. Do you know whether one or both must succeed to pass the propagation check?

@boxofrox one of them has to return the right record. It will try them in order, as can be seen here.
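An added Go example of the propagation-check semantics the maintainer describes above (resolvers tried in order, one correct answer is enough); it is not lego's or Caddy's own code. CheckPropagation takes an injectable lookup so the logic can be exercised offline, DirectLookup queries one nameserver directly (bypassing /etc/resolv.conf and thus the 127.0.0.53 stub), and the host names, token and resolver addresses are the thread's placeholders or constructed values.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"os"
	"time"
)

// LookupFunc asks one nameserver (host:port) for the TXT records at fqdn.
type LookupFunc func(ctx context.Context, nameserver, fqdn string) ([]string, error)

// CheckPropagation tries the resolvers in order and passes as soon as one of them
// returns the expected value, so a stub such as 127.0.0.53 only breaks the check
// when no other resolver answers. It returns the winning resolver or the last error.
func CheckPropagation(ctx context.Context, nameservers []string, fqdn, expected string, lookup LookupFunc) (string, error) {
	lastErr := fmt.Errorf("no nameservers configured")
	for _, ns := range nameservers {
		records, err := lookup(ctx, ns, fqdn)
		if err != nil {
			lastErr = fmt.Errorf("NS %s: %w", ns, err)
			continue
		}
		for _, r := range records {
			if r == expected {
				return ns, nil
			}
		}
		lastErr = fmt.Errorf("NS %s did not return the expected TXT record", ns)
	}
	return "", lastErr
}

// DirectLookup queries one nameserver directly, bypassing /etc/resolv.conf.
func DirectLookup(ctx context.Context, nameserver, fqdn string) ([]string, error) {
	r := &net.Resolver{PreferGo: true, Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
		return (&net.Dialer{Timeout: 5 * time.Second}).DialContext(ctx, network, nameserver)
	}}
	return r.LookupTXT(ctx, fqdn)
}

func main() {
	if len(os.Args) < 4 {
		fmt.Fprintln(os.Stderr, "usage: <fqdn> <expected-txt> <nameserver:port>...")
		os.Exit(2)
	}
	ns, err := CheckPropagation(context.Background(), os.Args[3:], os.Args[1], os.Args[2], DirectLookup)
	fmt.Println(ns, err)
}
```

Running it with the resolvers from the thread's log (10.10.1.1:53 and 127.0.0.53:53) shows which of them actually serves the _acme-challenge TXT record.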

Sure. I’ll give it a try next week and will update here.