I am not using Cloudflare proxy (yet), but my certificate expired today and it was not automatically renewed. I deleted the certificate and created it again twice, but it’s still sitting there waiting for the certificate to be issued, though domain verification is done.
I’ve seen on old forum posts that this could be because too many certificates were issued to the same domain name and exhausted the limit. If that’s the case, I’m not sure how, as I haven’t updated the site in a week or so, and other than trying to create a certificate a couple of times today when it didn’t work, I don’t know why it would have been attempted too many times.
Does anyone have any ideas that I can check, or will I need a Fly.io employee to handle it like I’ve seen in previous posts?
It looks like the certificate renewal is failing because there are extra/incorrect TXT records under _acme-challenge.manzanobranch.org. Fly uses Let’s Encrypt DNS-01 validation for wildcard certs, and Let’s Encrypt requires exactly one TXT record that matches the challenge.
I’d log into Porkbun and delete any old or duplicate TXT entries, and leave only the one Fly expects. After DNS propagation, you could then re-run fly certs check *.manzanobranch.org to confirm issuance. This isn’t a Let’s Encrypt rate limit problem right now; it’s just a DNS validation mismatch issue.
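The check the answer describes, as an added example that is not part of the original thread: it classifies the TXT values found at an `_acme-challenge` name against the value you expect, and can ask each authoritative nameserver directly so resolver caches do not hide stale records. The function names and the sample tokens are constructed for illustration, and it assumes you already have the expected challenge value to hand.

```shell
#!/bin/sh
# Added example: classify the TXT records found at an _acme-challenge name.
# stdin: output of `dig +short TXT <name>`; $1: the challenge value you expect.
# Prints one of: ok | extra | missing | none
classify_txt() {
    expected=$1
    total=0
    match=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            \"*\")
                # dig quotes TXT data and splits long values into "a" "b" chunks.
                value=$(printf '%s' "$line" | sed 's/" "//g; s/^"//; s/"$//')
                total=$((total + 1))
                if [ "$value" = "$expected" ]; then match=$((match + 1)); fi
                ;;
            *) ;;   # unquoted line: a CNAME target printed by +short, or blank
        esac
    done
    if [ "$total" -eq 0 ]; then echo none        # nothing published at the name
    elif [ "$match" -eq 0 ]; then echo missing   # records exist, none is the expected one
    elif [ "$total" -gt 1 ]; then echo extra     # expected one present plus leftovers
    else echo ok
    fi
}

# Ask every authoritative nameserver of the zone, bypassing resolver caches.
# $1 = zone (for example the domain from the thread), $2 = expected value.
check_live() {
    for ns in $(dig +short NS "$1"); do
        printf '%s: ' "$ns"
        dig +short TXT "_acme-challenge.$1" "@$ns" | classify_txt "$2"
    done
}

# Constructed sample: one stale value left over beside the expected one.
SAMPLE='"stale-token-constructed-example"
"expected-token-constructed-example"'
printf '%s\n' "$SAMPLE" | classify_txt "expected-token-constructed-example"   # extra

# Live use: sh check.sh <zone> <expected-value>
if [ "$#" -eq 2 ]; then check_live "$1" "$2"; fi
```

A result of `none` from a nameserver that prints a CNAME target means the TXT lookup followed a delegation and found nothing at the far end, which is a different problem from leftover records in your own zone.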