Certificate Renewal Error

I received an email saying I had to renew my certificate for Cloudflare for my domain. I added the CNAME record to my website hosting provider, but I’m not sure I did it correctly – when I go to the certificate approval link in the email it says that “An error occurred while attempting to validate your domain. Please try again later or contact support for assistance.”
Here is the record I was told to add (minus the ``):

_ca3-5(CUTTING THIS OUT IN CASE ITS PRIVATE)mydomainname.com CNAME dcv.digicert.com

When adding the CNAME record I put _ca3-5(CUTTING THIS OUT IN CASE ITS PRIVATE)mydomainname.com in the field for “name” and dcv.digicert.com in the “target” field and the TTL number defaulted to 1800. Did I add this incorrectly?

I’m down to renew the certificate in a different way if that’s easier; it is a WordPress website hosted by Hostinger.

Here is a slightly more accurate version of my post in case the “.www.” in front of the domain name was relevant!

Here is the record I was told to add:

_ca3-5(CUTTING THIS OUT IN CASE ITS PRIVATE).www.mydomainname.com CNAME dcv.digicert.com

When adding the CNAME record I put _ca3-5(CUTTING THIS OUT IN CASE ITS PRIVATE).www.mydomainname.com in the field for “name” and dcv.digicert.com in the “target” field and the TTL number defaulted to 1800. Did I add this incorrectly?

I’m down to renew the certificate in a different way if that’s easier; it is a WordPress website hosted by Hostinger.

You shouldn’t enter mydomainname.com in the name field; it is automatically added.

So you would only enter _ca3-5(CUTTING THIS OUT IN CASE ITS PRIVATE).www.
You should also make sure that record is set to DNS-only.

1 Like
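
As an added illustration (not part of the original reply, and not Cloudflare or Hostinger code): a sketch of how a DNS panel that appends the zone to the "name" field turns a fully typed name into a doubled one, and what to enter instead. The zone `example.com`, the `_ca3-...` token and all function names are constructed for this example, and it assumes the panel always appends the zone.

```python
# Constructed sample values, not the poster's real record.
ZONE = "example.com"
TOKEN = "_ca3-0123456789abcdef"
REQUIRED = f"{TOKEN}.www.{ZONE}"   # name the CA looks up for www.<zone>


def _norm(name: str) -> str:
    """Lower-case and drop a trailing root dot so names compare equal."""
    return name.strip().rstrip(".").lower()


def effective_fqdn(entered: str, zone: str) -> str:
    """Name actually published when the panel appends the zone to the name field.

    Assumption: the panel always appends the zone; '@' or empty means the apex.
    """
    entered, zone = _norm(entered), _norm(zone)
    if entered in ("", "@"):
        return zone
    return f"{entered}.{zone}"


def name_field_for(required_fqdn: str, zone: str) -> str:
    """Relative label to type so the published name equals required_fqdn."""
    required, zone = _norm(required_fqdn), _norm(zone)
    if required == zone:
        return "@"
    suffix = "." + zone            # match on a label boundary only
    if not required.endswith(suffix):
        raise ValueError(f"{required} is not inside zone {zone}")
    return required[: -len(suffix)]


def check_entry(entered: str, zone: str, required_fqdn: str):
    """Return (ok, published_name, hint) for what was typed into the name field."""
    published = effective_fqdn(entered, zone)
    required = _norm(required_fqdn)
    wanted = name_field_for(required, zone)
    if published == required:
        return True, published, "matches the validation record"
    if _norm(entered) == required:
        # The full name was typed, so the zone ends up in the record twice.
        return False, published, f"zone appended twice; enter {wanted!r}"
    return False, published, f"published name differs; enter {wanted!r}"


if __name__ == "__main__":
    for typed in (REQUIRED, TOKEN, f"{TOKEN}.www"):
        print(typed, "->", check_entry(typed, ZONE, REQUIRED))
```
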

Would I still have the .www at the end of it? Or does that get cut too since it’s part of the domain?

Either way, with or without the .www it doesn’t work. It doesn’t seem like Hostinger gives you an option to change between DNS-only or proxied. See the screenshot with the red scribbles for what I currently have.

I found what seems to be the CNAME record for the last certificate, so I tried to replicate that exactly (except with the new name field). See the screenshot with the blue scribbles.

If you are using Cloudflare, you need to create the record in Cloudflare, not in your Hostinger interface.

Also, I’ve already answered the question regarding the www:

It would also help if you did not hide your domain or parts of the record. Nothing about it is private.

1 Like

Okay, thank you! I’ll post it uncensored along with the original email. It looks like I need to do it in Hostinger though.

I have honestly no idea why that record isn’t working. I can find the 3 hostingermail records, but not the _ca3 record.

Right now you aren’t using Cloudflare for your domain. Is that only temporary because of the expired certificate? The 301 redirect from www.theratmotel.com to theratmotel.com seems a bit weird to me, I would expect this the other way around.

But I must apologize, it seems to be correct after all that you need to manage your DNS records in Hostinger.

1 Like

I just went back onto Hostinger and somehow the version of the record with the .www got deleted, and there’s just the version without it. Above it is the original record which I am assuming Hostinger automatically added when I originally registered with Cloudflare through Hostinger (as a partner).

I was not aware that I should be using Cloudflare for my domain. I was just looking into switching it over but I couldn’t figure out how to get it to import my DNS records. Hostinger doesn’t seem to have an option to export them in a file. I could add them all again manually of course, but I’m not even sure why I would be moving it over. I initially bought the domain through GoDaddy where I still have it until 2030. Would I have to start paying for it if I switch it over to Cloudflare?

(By the way, the certificate expires next month so as far as I know I’m still using Cloudflare through Hostinger since they’re a partner.)

Is this the record you are referring to? Would you recommend changing it, and if so how?

Ahh well, that explains why I couldn’t find the record. I can find the version without www, but that’s not gonna help you much.

dig +short _ca3-53c5afeec6104e978e9692450edb54b0.theratmotel.com

Now, I’ve never used Hostinger and am certainly not an expert, but the following makes me a bit skeptical:
Your screenshot shows that you were asked to add a CNAME record for _ca3-53c5afeec6104e978e9692450edb54b0.www.theratmotel.com. This would let Cloudflare create a certificate for www.theratmotel.com.

However, when I visit www.theratmotel.com, I am getting redirected to theratmotel.com. And more importantly, this is the certificate used for the redirect:

 Server certificate:
*  subject: CN=theratmotel.com
*  start date: Jul 28 14:50:00 2023 GMT
*  expire date: Oct 26 14:49:59 2023 GMT
*  subjectAltName: host "www.theratmotel.com" matched cert's "www.theratmotel.com"

This is clearly not the certificate that Cloudflare uses for your domain and which you are trying to renew here. Both the expire date and the subject (common name) are different.

Because of that, I think you are currently not using Cloudflare, and thus don’t even need to renew the certificate you are trying to renew here.

In your previous post it said:

It very much looks like that hostname is not in use currently (at least not with Cloudflare).

1 Like

Thanks so much for doing all this digging! Are you saying that CF’s certificate for www.theratmotel.com is the one that is about to expire and I can let that expire because it’s already redirecting www.theratmotel.com straight to theratmotel.com anyway?

But are you saying that it looks like theratmotel.com is or is not using CF? It says the domain is active when I log in, and it seems like I can access all the features:

I think part of the issue may be that I set CF up on the Hostinger website, which is a feature I think Hostinger/CF no longer offers. There used to be an easy access Cloudflare section of the Hostinger dashboard, but now all I can find are Hostinger articles to just set up CF by pointing your nameservers to CF manually. Looks like Hostinger has started their own proprietary CDN which would probably explain why they’ve discontinued the easy connection.

So my nameservers are pointing to Hostinger though, not CF, so if I AM still successfully using CF, as the screenshot seems to indicate, I guess that means that I am grandfathered in somehow - Hostinger is still routing me through to CF.

Should I just change the nameservers to CF and manually re-add all the DNS records as-is from Hostinger (it seems like normally CF would try to import them but it’s not giving me this option now)? Or does it seem like the domain is already going through CF and I should just let it go?

Well, while trying to figure out what the process of switching to a full CF setup would be like, I accidentally did so. Like I suspected, it didn’t give me an option for the CF scan and auto-import. Do I need to just add all of the DNS records that I had on Hostinger, exactly as they originally were?

Ended up just contacting Hostinger support and they walked me through it - I just manually added all the DNS records (other than the AAAA ones they said were redundant to the A records) that I originally had on Hostinger. Seems like everything is up and running. Thanks so much for all of your help!

1 Like
