Can I get Support on a Site with pending certificate for 48 hours

Answer these questions to help the Community help you with Security questions.

What is the domain name?

Have you searched for an answer?
Yes, I’ve tried pausing and starting cloudflare coverage, changing to flexible (as it is a godaddy registrared domain, recently moved over from google.)

Please share your search results url:
I can not seem to get the website to work with https:// domain or www dot therealelite (page rules are set up) I have 17 other domains i have no problem with.

When you tested your domain, what were the results?
I’ve tested but consistently get the error… ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Describe the issue you are having:
Website won’t show up and has the following error i get and the edge certificate has said pending for over 48 hours. ERR_SSL_VERSION_OR_CIPHER_MISMATCH

What error message or number are you receiving?
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

What steps have you taken to resolve the issue?

  1. Ensured i have the name servers correct, (non https works fine but not https)
  2. Paused Coverage on Cloudflare for 24 hours then turned back on using the “Pause Cloudflare”
  3. Watched a bunch of youtube videos none of which seem to solve the problem.

Was the site working with SSL prior to adding it to Cloudflare?
It may have been, it was with a client who had moved it from a google site to godaddy.

What are the steps to reproduce the error:

  1. Just go to the above mentioned site (i’m new and can’t keep putting it in.) use https in front.

Have you tried from another browser and/or incognito mode?
Yes I’ve tried clearing all cache and everything.

Please attach a screenshot of the error:

You have a DNSSEC issue…
https://cf.sjr.org.uk/tools/check?848a222fdab5430bb203f1c218df4558#dns

You need to either disable DNSSEC at your registrar, or enable it at Cloudflare and copy the DS records to your registrar from your dashboard here…
https://dash.cloudflare.com/?to=/:account/:zone/dns/settings

4 Likes

Thank you for the response. I’ve never used DNSSEC on a domain before. I wonder if it was turned on from when it was a Google domain originally. If that is the case, should I go back to google or is enabling it at cloudflare then copying the DS record over to Godaddy an easier solution. And will this complicate my domain management to have DNSSEC on?

There’s no reason to go back to Google. Either delete the DNSSEC records at Godaddy (to stop using DNSSEC), or change them to the ones from Cloudflare.

2 Likes

Ok thanks I went ahead and Added the DNSSEC from cloudflare over to Godaddy, its still not working, but i’m assuming it just needs some time to propogate? Or should it be immediate?

1 Like

It may take up to 24 hours to propagate due to the long TTL on DS records.

1 Like

Ok thanks so much for your advice, greatly appreciated!

1 Like

Just wanted to say thanks copying the DS records into Godaddy worked great, after about 12 hours everything is working as hoped.

2 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.