I’ve been having problems with generating a wildcard cert for a week now.
Initially I thought it was due to the limit of Let’s Encrypt, but then crt.sh and letsdebug.net showed that it’s not, so here I am.
I have two apps that share the same domain, one app is for the wildcard (*.domain.com), and the other app is (domain.com). I have DNS with Cloudflare, and I can see that the records are correct using dig -t CNAME _acme-challenge.domain.com.
This may have been a conflict between the example.com on one app and *.example.com on another. The wildcard is currently waiting for a rate limit to clear on Let’s Encrypt, but it’s possible it’ll issue in an hour or so. We’ll double check tonight or tomorrow!
Certs still aren’t generated. I tried cleaning up conflicts but it had no effect. Anything I can do? Or is there a person who can look into Let’s Encrypt logs and see what’s up?
Have you added any required TXT records to prove ownership? I remember I got hit by a sharp edge where I was issuing certificates, could have been wildcard, via the CLI and it wasn’t returning the key I needed to add to my DNS records.
If you’ve used the CLI to try and add them, switch to the GUI instead and try issuing it through that. It might provide more feedback.
I have both CNAME and TXT records pointing to fly.io. I had a TXT _acme-challenge record that pointed elsewhere but I cleaned it up to no effect. The CNAME had a proper value all this time.