Unexpected _acme-challenge TXT records
You might notice TXT records like
_acme-challenge.<hostname> are returned by your domain but cannot be found on the DNS tab of your Cloudflare dashboard.
These records are automatically created to allow Cloudflare edge certificates (universal, advanced, and backup) to be provisioned.
_acme-challenge records are required by certificate authorities (CAs) so that they can verify your domain ownership before issuing the SSL/TLS certificate. For details, refer to Domain control validation (DCV).
As these records are tied to the certificates, they cannot be deleted from the DNS tab of your Cloudflare dashboard.
If you need more
_acme-challenge.<hostname> TXT records in order to provision certificates on your side, you can manually add them under DNS records ↗.
If you want to remove these records:
- Disable Universal SSL to remove the records related to universal and backup certificates.
- Delete advanced certificates to remove the records related to advanced certificates.
