Stuck on “Awaiting certificates” for wildcard domain

I’ve been having problems with generating a wildcard cert for a week now.

Initially I thought it’s due to the limit of Let’s Encrypt but then crt.sh and letsdebug.net showed that it’s not so here I am.

I have two apps that share the same domain, one app is for the wildcard (*.domain.com), and the other app is (domain.com). I have DNS with Cloudflare, and I can see that the records are correct using dig -t CNAME _acme-challenge.domain.com.

Anyone knows what might be up?

This may have been a conflict between the example.com on one app and *.example.com on another. The wildcard is currently waiting for a rate limit to clear on Lets Encrypt, but it’s possible it’ll issue in an hour or so. We’ll double check tonight or tomorrow!

@kurt Thanks! Certs aren’t generated still. Is there anything else I can do to make it work?

Certs aren’t generated still. I tried cleaning up conflicts but it’s no effect. Anything I can do? Or is there a person who can look into Let’s Encrypt logs and see what’s up?

Have you added any required TXT records to prove ownership? I remember I get hit with a sharp edge where I was issuing certificates, could have been wildcard, via the CLI and it wasn’t returning the key I needed to add to my DNS records.

If you’ve used the CLI to try and add them, switch to the GUI instead and try issuing it through that. It might provide more feedback.

Can you check your DNS settings and see if you have a TXT record configured for _acme-challenge.<domain>?

I’m seeing different TXT responses from here for what I think your domain is: https://www.whatsmydns.net/

When I check the target of the cname (our hostname), they’re all the same. This makes me think there might be a txt record.

Thanks @kurt and @sam.

I have both CNAME and TXT records pointing to fly.io. I had a TXT _acme-challenge record that pointed elsewhere but I cleaned it up to no effect. CNAME had a proper value all this time.

@Kuanysh From memory you should have the challenge and the CNAME set