Issue Could not issue/renew Let`s Encrypt certificates

[tanasis]

Server operating system version

AlmaLinux 8.6

Plesk version and microupdate number

18.0.44

Hello,
i have some domains in Cloudflare.
The 1st SSL installation was OK.
The 1st renew have problem...
Please check the email i get....

 

[Bitpalast]

See the error message regarding the TXT record: You'll need to correct the ACME TXT record for the certificate in your nameserver. The correct TXT record can be seen in the SSL section of the "websites & domains" menu.

 

[tanasis]

@Peter Debik , the 1st installation was OK.
The renew have problem. Not only for this domain, but for all domain im using in Cloudflare.

 

[Bitpalast]

When you do not use the built-in nameserver in your host, your host cannot update the TXT record for your SSL wildcards. In that case you must update their TXT records manually every three months. As that has not been done, SSL fails to renew, because the TXT record does not match the token that the Let's Encrypt trust center expects to validate domain ownership.

 

[tanasis]

This is a big problem. Think you have 200 websites in Cloudflare... You have to do this manually every 89 days!

 

[mow]

Can't be helped, validation for wildcard domains requires the TXT record in DNS as you have to prove more control over the host than with just a single domain.
Otherwise, with well-known only, you could generate a cert valid for subdomains outside of the scope belonging to you, so you have to prove that you could mess with their dns anyway as to enable you to get certs for any subdomain possible.