Changed to new IP right after making Cloudflare account, certificate pending validation txt for longer than 24h

I first signed in my Cloudflare account, set my domain name and asked for my Universal Certificate for *,
Right after that i changed my website host (and IP address).
I had to reset my dns settings and I am experiencing certificate pending validation txt for longer than 24h.Does this longer waiting time maybe means that there is an error in the request IP and Dns addresses?

Is the certificate pending on the Cloudflare side, or at the new host?

Truthfully I’m not sure where to go either way, but it could be either from what you’ve described. Some hosts are a bit silly and wait until they see their IP address(es) in DNS.

Hello Dave,

Thanks for your reply. I can just see Pending Validation (TXT) message, how can i understand form which side it is pending?

That domain is not configured to use Cloudflare, but has it’s name servers pointed to:

Another thing also worth mentioning, is that this domain currently have DNSSEC enabled:

You NEED to remove that DNSSEC configuration through the domain registrar first, and then wait at least 48 - 96 hours, and then change the name servers to Cloudflare.

Thanks for your reply.
I did both operations, is there a way to check that everything is set up correctly and my website will be reachable again?

There are various DNS (health/quality) checkers out there, with varying quality.

Typically, I would lean directly to the registrar/registry, e.g. EURid for .eu domains, to see if everything adds up (properly) there:

EURid Whois -

Can eventually be compared with:
EURid Whois -

As you see no DNSSEC on your domain (compared to, it indeed looks to be looks disabled in the parent registry, which this site confirms:

DNSSEC Analyzer -

No DS records found for in the eu zone

Currently, the domain is delegated to these two name servers

and if they are a 100% match, to ones that Cloudflare provided to you, then everything looks good from here.

The reason you needed to disable DNSSEC first, is because Cloudflare does not hold the private key files for the DNSSEC set up that e.g. Mijndomein used.

You can, if you wish, (and which isn’t actually a bad idea), enable DNSSEC within Cloudflare, and then the DNSSEC data Cloudflare provides you, you add that through Mijndomein. Doing this, you want to make sure you do things 100% as told, because if there are one or more mismatches, your domain would stop working in many locations worldwide.

But all together, in it’s current shape, your domain looks fine (assuming the name servers above.are the exact ones Cloudflare provided you with).

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.