Can't verify sslforfree with '*'

I am trying to set up sslforfree to work with all subdomains and subsubdomains but I am asked to add a TTL to a TXT setting of 1 second, but the minimum is 2 minutes so I am unable to do it. How would I get around this? Is it possible to add a TTL of 1 second?

  1. No, you won’t be able to lower TTL below 120 seconds.
  2. I don’t see how SSLforfree can do a wildcard sub-subdomain (*.* What are you typing in to do this?
  3. The same mechanism exists in Cloudflare’s SSL/TLS settings page under the Origin Certificates section.

I type in ` Sorry, I only need staff as a sub-sub-domain

Cloudflare has its own free SSL?

Says I need to get a Business account ):

Ah, got it. That’s “legal.”

It sounds like you’re trying to generate an SSL certificate for your web server. I presume it’s using Cloudflare and is set to :orange:. On second thought, if you’re using Wildcards, you can’t set wildcard subdomains to :orange: and will need a globally recognized cert like Let’s Encrypt.

I can’t think of a workaround for this…other than to temporarily use some other DNS service that supports a low TTL.

How would it be illegal? Yes, it is using Cloudflare and I am very new to hosting. My friend told me it was best to not have it set to the yellow cloud, but I don’t know what it does.

Not “legal” in a law sense, but it’s allowed by certificate issuers.

Without using :orange:, you’re not using many of Cloudflare’s features. :grey: means you’re using DNS-only. Right now, it doesn’t even look like you’re using Cloudflare DNS, so you’re free to switch to some other DNS that allows such a low TTL.

I am using Cloudflare DNS. What other DNS do you recommend?

You’d have to look around for someone who supports such a low TTL. I’ve used Hurricane Electric, but their minimum TTL is 5 minutes.

Have you tried going through that DNS verification process with a 2 Minute TTL?
Or contacting their support to get some help with this?

SSL For Free recommends using a lower TTL, but it’s not necessary. You can ignore it.

Let’s Encrypt’s own resolvers don’t currently cache anyway, so even a very high TTL wouldn’t really be a problem, as long as the authoritative servers were serving the right records.

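Added example, not written by anyone in this thread: since the point above is that what matters is the authoritative servers serving the right TXT record, this Python sketch asks each authoritative server directly (no cache, so the record's TTL plays no part) and reports which ones do not yet return the challenge token. The function names, `example.com`, and the 192.0.2.x addresses are assumptions made for illustration; for a wildcard such as `*.example.com` the DNS-01 record name is `_acme-challenge.example.com`.

```python
# Added example: names, example.com and 192.0.2.x addresses are constructed.
import socket
import struct

def build_txt_query(name, qid=0x1234):
    """Encode a non-recursive DNS query for the TXT records of `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode() for p in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 16, 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:            # root label terminates an uncompressed name
            return off + 1
        off += 1 + n

def parse_txt_answers(msg):
    """Return [(ttl, text), ...] for each TXT record in the answer section."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):       # skip the echoed question(s): name + type + class
        off = _skip_name(msg, off) + 4
    out = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        parts, i = [], 0
        while rtype == 16 and i < len(rdata):  # TXT = length-prefixed strings
            parts.append(rdata[i + 1:i + 1 + rdata[i]])
            i += 1 + rdata[i]
        if rtype == 16:
            out.append((ttl, b"".join(parts).decode()))
    return out

def query_txt(server_ip, name, timeout=3.0):
    """Ask one authoritative server directly over UDP, bypassing any cache."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_txt_query(name), (server_ip, 53))
        return parse_txt_answers(s.recv(4096))

def missing_on(servers, name, token, query=query_txt):
    """List the authoritative servers that do not yet serve `token` at `name`."""
    return [ip for ip in servers if token not in [t for _, t in query(ip, name)]]
```

An empty list from `missing_on` means every authoritative server already returns the token, so verification can be triggered. The membership test allows several TXT values at the same name, which is what a certificate covering both the base domain and its wildcard produces.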

It’s alright I got it fixed. The maximum TTL for sslforfree is 2 minutes. After that it times out
