Can't verify sslforfree with '*'


#1

I am trying to set up sslforfree to work with all subdomains and subsubdomains but I am asked to add a TTL to a TXT setting of 1 second, but the minimum is 2 minutes so I am unable to do it. How would I get around this? Is it possible to add a TTL of 1 second?


#2
  1. No, you won’t be able to lower TTL below 120 seconds.
  2. I don’t see how SSLforfree can do a wildcard sub-subdomain (*.*.example.com). What are you typing in to do this?
  3. The same mechanism exists in Cloudflare’s Crypto settings page under the Origin Certificates section.
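
Added example, not part of the original thread or any poster's code: a Python check of which requested certificate names are valid wildcards, which hostnames each one covers, and which `_acme-challenge` TXT record names DNS verification will ask for. It assumes the usual rules (a wildcard is the entire leftmost label and matches exactly one label; the `*.` prefix is dropped from the TXT record name), and every domain name in it is constructed sample input.

```python
# Added example: wildcard coverage and DNS-01 TXT record names.
# All domain names here are constructed sample input.

def validate_identifier(name):
    """Return the normalised name, or raise ValueError for a wildcard that cannot be issued."""
    name = name.lower().rstrip(".")
    labels = name.split(".")
    if "" in labels:
        raise ValueError(f"empty label in {name!r}")
    if any("*" in label for label in labels[1:]):
        raise ValueError(f"wildcard is only allowed in the leftmost label: {name!r}")
    if "*" in labels[0] and (labels[0] != "*" or len(labels) < 2):
        raise ValueError(f"wildcard must be the whole leftmost label: {name!r}")
    return name

def challenge_record(identifier):
    """TXT record name used to validate an identifier (the '*.' prefix is dropped)."""
    name = validate_identifier(identifier)
    base = name[2:] if name.startswith("*.") else name
    return "_acme-challenge." + base

def covers(identifier, hostname):
    """True if the certificate name matches hostname; '*' stands for exactly one label."""
    cert = validate_identifier(identifier).split(".")
    host = hostname.lower().rstrip(".").split(".")
    if len(cert) != len(host):
        return False
    return cert[1:] == host[1:] if cert[0] == "*" else cert == host

def plan(identifiers, hostnames):
    """Group identifiers by TXT record name and list hostnames no identifier covers."""
    records = {}
    for ident in identifiers:
        records.setdefault(challenge_record(ident), []).append(ident)
    uncovered = [h for h in hostnames if not any(covers(i, h) for i in identifiers)]
    return records, uncovered

if __name__ == "__main__":
    idents = ["example.com", "*.example.com", "*.staff.example.com"]
    hosts = ["example.com", "www.example.com", "mail.staff.example.com",
             "a.b.dev.example.com"]
    records, uncovered = plan(idents, hosts)
    for name, ids in records.items():
        print(f"{name}: {len(ids)} TXT value(s) for {', '.join(ids)}")
    print("not covered by any requested name:", uncovered)
```

When a base name and its wildcard are requested together, both validations use the same TXT record name, so that name has to carry two TXT values at once.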

#3

I type in `hopp.ga .hopp.ga staff..hopp.ga`. Sorry, I only need staff as a sub-sub-domain.


#4

Cloudflare has its own free SSL?


#5

Says I need to get a Business account ):


#6

Ah, got it. That’s “legal.”

It sounds like you’re trying to generate an SSL certificate for your web server. I presume it’s using Cloudflare and is set to :orange:. On second thought, if you’re using Wildcards, you can’t set wildcard subdomains to :orange: and will need a globally recognized cert like Let’s Encrypt.

I can’t think of a workaround for this…other than to temporarily use some other DNS service that supports a low TTL.


#7

How would it be illegal? Yes, it is using Cloudflare and I am very new to hosting. My friend told me it was best to not have it set to the yellow cloud, but I don’t know what it does.


#8

Not “legal” in a law sense, but it’s allowed by certificate issuers.

Without using :orange:, you’re not using many of Cloudflare’s features. :grey: means you’re using DNS-only. Right now, it doesn’t even look like you’re using Cloudflare DNS, so you’re free to switch to some other DNS that allows such a low TTL.


#9

I am using Cloudflare DNS. What other DNS do you recommend?


#10

You’d have to look around for someone who supports such a low TTL. I’ve used Hurricane Electric (he.net), but their minimum TTL is 5 minutes.

Have you tried going through that DNS verification process with a 2 Minute TTL?
Or contacting their support to get some help with this?


#11

SSL For Free recommends using a lower TTL, but it’s not necessary. You can ignore it.

Let’s Encrypt’s own resolvers don’t currently cache anyway, so even a very high TTL wouldn’t really be a problem, as long as the authoritative servers were serving the right records.


#12

It’s alright, I got it fixed. The maximum TTL for sslforfree is 2 minutes. After that it times out.



closed #14

This topic was automatically closed after 30 days. New replies are no longer allowed.