Cannot connect via ssl to newly registered site

I have Universal SSL activated. In SSL/TLS > Edge Certificates the certificate for my site is constantly in state “Initializing (Error)”. I have tried to disable and enable Universal SSL several times and it switches to state “Initializing” for a few seconds, but after that it displays the same error.
Any idea on how to fix that?

I am having the exact same issue on two sites I just added. Both had Let’s Encrypt Certificates before.

Never mind, it just took about an hour.

I made the mistake of changing my DNS so Cloudflare was the first two DNS entries and my original DNS was the second two, figuring that if Cloudflare DNS had a problem I’d have a failover.

I think that caused issues, as when I did an nslookup the next day, the domains were still resolving to the origin server. So I removed the 3rd and 4th DNS entries. The update propagated in an hour, but even though the two websites are configured identically (same server, same SSL provider, LetsEncrypt), on one of the domains the Universal SSL cert has an initialization failure, and after disabling Universal SSL for about 10 minutes and then enabling it, the cert is still showing an “internal error” at LetsEncrypt.

I’m concerned this is causing issues for my users. Interestingly, I was able to launch a browser and bring up the site with valid SSL, but later it went back to the CIPHER_MISMATCH error, so it is almost like my ISP (and LetsEncrypt) still haven’t gotten the full DNS server updates. My best guess is that, for some reason, when one of the two domains went to LetsEncrypt to get the Universal SSL cert, it didn’t see the A record pointing to the Cloudflare server yet. Yet many end-user ISPs, like mine, DID get the DNS server change and are routing to Cloudflare.

I’m just wondering, should I just wait an hour or two more? I can’t afford to have potential customers not access my website for a day. It seems the safest thing to do would be to change the DNS back to the original servers, let that propagate overnight, then the next day switch to exclusively Cloudflare servers and let that propagate overnight. That would ensure all hosts aren’t using the 4 DNS server setup I originally tried.

Well, I guess third time is a charm. After about a half hour with Universal SSL turned off I tried turning it back on again and now I have an active edge certificate. Yay! My guess is that there’s some sort of rate limiting feature on the Cloudflare or LetsEncrypt side that only lets you request a cert for the same domain so often, so as to not overload the server with multiple requests in a short time frame.

I’m afraid that wouldn’t work. The documentation states very explicitly that you need to remove your old nameservers:

Yes, LetsEncrypt does rate limit certificate requests.
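
The mixed nameserver setup discussed in this thread can be checked from the NS records a resolver returns. The following is an added example, not part of the original posts or Cloudflare's own tooling: it parses answer lines in `dig NS` format and flags a delegation that mixes Cloudflare and other nameservers. The sample records and host names are constructed, and the `.ns.cloudflare.com` suffix for Cloudflare-assigned nameservers is an assumption of the example.

```python
# Added example: flag a domain whose registrar delegation mixes Cloudflare
# and non-Cloudflare nameservers, the setup described in the thread.
# Assumption: Cloudflare-assigned nameservers end in ".ns.cloudflare.com".
CLOUDFLARE_SUFFIX = ".ns.cloudflare.com"

# Constructed sample: answer-section lines in `dig NS` format.
SAMPLE_MIXED = """\
example.com.  86400  IN  NS  ada.ns.cloudflare.com.
example.com.  86400  IN  NS  bob.ns.cloudflare.com.
example.com.  86400  IN  NS  ns1.old-host.example.
example.com.  86400  IN  NS  ns2.old-host.example.
"""

def parse_ns_records(dig_answer, domain):
    """Return the sorted, lower-cased NS targets for `domain`."""
    wanted = domain.lower().rstrip(".") + "."
    targets = set()
    for line in dig_answer.splitlines():
        fields = line.split()
        # Expected fields: owner, TTL, class, type, target. Skip comments.
        if len(fields) != 5 or line.lstrip().startswith(";"):
            continue
        owner, _ttl, rr_class, rr_type, target = fields
        if (owner.lower() == wanted and rr_class.upper() == "IN"
                and rr_type.upper() == "NS"):
            targets.add(target.lower().rstrip("."))
    return sorted(targets)

def classify_delegation(nameservers):
    """Return (status, cloudflare_ns, other_ns) for a list of NS names."""
    cf = [ns for ns in nameservers if ns.endswith(CLOUDFLARE_SUFFIX)]
    other = [ns for ns in nameservers if not ns.endswith(CLOUDFLARE_SUFFIX)]
    if not nameservers:
        status = "no-ns-records"
    elif cf and other:
        status = "mixed"  # resolvers may query either provider
    elif cf:
        status = "cloudflare-only"
    else:
        status = "not-delegated-to-cloudflare"
    return status, cf, other

if __name__ == "__main__":
    names = parse_ns_records(SAMPLE_MIXED, "example.com")
    status, cf, other = classify_delegation(names)
    print(status, "| remove at registrar:", ", ".join(other) or "nothing")
```
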
