Help understanding how ACME validates domains on Cloudflare

Started by bawjaws, February 12, 2025, 01:21:39 PM

Hi!

I'm trying to set up the ACME plugin on my OPNsense box (running the latest 25.1-amd64) to generate a cert for one service I want to expose to the internet. My DNS provider is Cloudflare and I'm following the tutorial at https://www.zenarmor.com/docs/network-security-tutorials/how-to-change-self-signed-certificates-with-ca-signed-certificate-on-opnsense

When I follow this tutorial and try to generate the cert, I get an error saying that domain verification failed. Upon reading some other posts on this forum, it was suggested to manually create the _acme-challenge TXT record on Cloudflare, which I did using "test" as the text.

I assumed that the ACME plugin would use the API credentials to edit this TXT record with some random txt string and then verify it, but it doesn't seem to have done that - the original "test" is still present in the TXT record, and it now says that the domain is validated and the certificate is issued.

Is this the way it's supposed to work? Has it actually verified the domain properly?

Kevin



Seems to be working as expected now without me doing anything (I think!)
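
Added example, not part of the original posts and not the ACME plugin's own code: under RFC 8555 (section 8.4) the DNS-01 TXT content is a digest derived from the CA's token and the ACME account key, and validation passes if any TXT value at the `_acme-challenge` name matches it. The sketch below computes that value and checks a TXT record set against it; the account key and token are constructed placeholders, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import json

# Required JWK members per key type for an RFC 7638 thumbprint.
_THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
_B64URL = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses for binary values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the canonical JSON of the required members only."""
    members = {k: jwk[k] for k in _THUMBPRINT_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """TXT content the CA expects: b64url(SHA-256(token + '.' + thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def challenge_record_name(identifier: str) -> str:
    """Name the CA queries; a wildcard is validated at its base domain."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower()


def looks_like_dns01_value(txt: str) -> bool:
    """A 32-byte digest in unpadded base64url is always 43 characters."""
    return len(txt) == 43 and set(txt) <= _B64URL


def challenge_satisfied(observed_txt: list, token: str, account_jwk: dict) -> bool:
    """True if any TXT value at the name equals the expected digest."""
    expected = dns01_txt_value(token, account_jwk).encode("ascii")
    return any(hmac.compare_digest(v.strip('"').encode("utf-8"), expected) for v in observed_txt)


# Constructed sample data: not a real account key or CA token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y", "kid": "ignored"}
SAMPLE_TOKEN = "constructed-token-0123456789"
```

A value such as "test" can never satisfy the check, while an unrelated TXT value sitting at the same name does not prevent a matching one beside it from validating.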