The issue with these Edge Certificates by Cloudflare is that if enabled, Cloudflare also obtains certificates for the domain. To do so, Cloudflare also uses the ACME DNS-01 challenge just as our custom domains service does. We have observed now multiple times that sometimes Cloudflare fails to clean up the TXT records it sets and these then interfere with our custom domains service as Let’s Encrypt does not follow the redirect (CNAME to _acme-challenge.your-domain.com.icp2.io) but just checks the TXT set by Cloudflare, which is obviously wrong. Since Cloudflare cleans up the records most of the time, it seems a bit random that all of a sudden the domain stops working.
4 Likes