我不断收到 Cloudflare API:超出总记录大小限制,但找不到有关它的更多信息。
我正在使用带有 cloudflare 插件的 certbot 自动创建 TXT 内容,但即使我尝试手动添加 TXT 记录也会出现相同的错误:名称:_acme-challenge.example.co.uk 内容:PzbhiEKiP0juIIf6kqzJQnuIzfSLCOjFw67UV1dssy0
certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/certbot/cloudflare.ini -d example .co.uk -d www.example .co.uk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
Requesting a certificate for example .co.uk and www.example .co.uk
Performing the following challenges:
dns-01 challenge for example .co.uk
dns-01 challenge for www.example .co.uk
Encountered CloudFlareAPIError adding TXT record: 83011 Total record size limit exceeded.
Cleaning up challenges
Error communicating with the Cloudflare API: Total record size limit exceeded.
奇怪的是,当我使用另一个 TLD 时,它可以工作。
2022-01-10 19:39:21,720:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-01-10 19:39:21,721:INFO:certbot._internal.auth_handler:dns-01 challenge for example .co.uk
2022-01-10 19:39:21,721:INFO:certbot._internal.auth_handler:dns-01 challenge for www.example .co.uk
2022-01-10 19:39:21,727:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.cloudflare.com:443
2022-01-10 19:39:22,994:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 “GET /client/v4/zones?name=example .co.uk&per_page=1 HTTP/1.1” 200 None
2022-01-10 19:39:22,996:DEBUG:certbot_dns_cloudflare._internal.dns_cloudflare:Found zone_id of 123 for example .co.uk using name example .co.uk
2022-01-10 19:39:22,996:DEBUG:certbot_dns_cloudflare._internal.dns_cloudflare:Attempting to add record to zone 123: {‘type’: ‘TXT’, ‘name’: ‘_acme-challenge.example.co.uk’, ‘content’: ‘PzbhiEKiP0juIIf6kqzJQnuIzfSLCOjFw67UV1dssy0’, ‘ttl’: 120}
2022-01-10 19:39:24,124:DEBUG:urllib3.connectionpool:https://api.cloudflare.com:443 “POST /client/v4/zones/123/dns_records HTTP/1.1” 400 None
2022-01-10 19:39:24,125:ERROR:certbot_dns_cloudflare._internal.dns_cloudflare:Encountered CloudFlareAPIError adding TXT record: 83011 Total record size limit exceeded.
2022-01-10 19:39:24,127:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot_dns_cloudflare/_internal/dns_cloudflare.py”, line 116, in add_txt_record
self.cf.zones.dns_records.post(zone_id, data=data) # zones | pylint: disable=no-member
File “/usr/lib/python3/dist-packages/CloudFlare/cloudflare.py”, line 686, in post
return self._base.call_with_auth(‘POST’, self._parts,
File “/usr/lib/python3/dist-packages/CloudFlare/cloudflare.py”, line 126, in call_with_auth
return self._call(method, headers, parts,
File “/usr/lib/python3/dist-packages/CloudFlare/cloudflare.py”, line 502, in _call
raise CloudFlareAPIError(code, message)
CloudFlare.exceptions.CloudFlareAPIError: Total record size limit exceeded.
这是我的 DNS 的导出
example.com 3600 IN SOA example.com root.example.com 2039433416 7200 3600 86400 3600
;; A Records
example.com. 1 IN A 1.22.33.444
;; CNAME Records
autodiscover.example.com. 1800 IN CNAME autodiscover.outlook.com.
enterpriseenrollment.example.com. 1800 IN CNAME enterpriseenrollment.manage.microsoft.com.
enterpriseregistration.example.com. 1800 IN CNAME enterpriseregistration.windows.net.
pm-bounces.example.com. 1 IN CNAME pm.mtasv.net.
selector1._domainkey.example.com. 3600 IN CNAME selector1-web2works-co-uk._domainkey.web2works.onmicrosoft.com.
selector2._domainkey.example.com. 3600 IN CNAME selector2-web2works-co-uk._domainkey.web2works.onmicrosoft.com.
www.example.com. 1 IN CNAME example.com.
;; MX Records
example.com. 1 IN MX 0 example-com.mail.protection.outlook.com.
;; TXT Records
20190416133212pm._domainkey.example.com. 1 IN TXT "k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJvupa01CPpFWTjaNw3IrF2jYQ0GI8PIHHX0lBxtUf7X1hTl9pNOBDXIk/ebbsB2wu2w5hu1yYC4jMpnPObCjaBIXZhrGS8zXnCgYFqr3RaHIOrgBhxjzLSM8WMAKMw9n7zEFakE5xpXZ5Jvh9aKwi61whwtY7FIfl86TsgT3HWwIDAQAB"
_dmarc.example.com. 1 IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]"
example.com. 1 IN TXT "v=spf1 include:spf.protection.outlook.com -all"