Cloudflare takes my website offline

Your connection isn’t private

Attackers might be trying to steal your information from **** (for example, passwords, messages or credit cards).


I have a valid Let’s Encrypt certificate installed on the server -

But when I connect Cloudflare to my website, after a few minutes, my website goes down. I can get it online only if I pause Cloudflare.

I checked my website against SSL Shopper and it seems to still refer to an old expired certificate from 2022 -

This certificate and the key still exists on my server if I check through cpanel - could this be the reason why the old certificate is still linked to my website?

I am new to SSL and Cloudflare, so I am really confused as how to proceed.

Thank you

¡Feliz 2023!

There’s a useful wizard for TLS issues.

To access the wizard, visit and select “Technical Issue - Website” and then “SSL” and follow the prompts.

Hope this helps.



Brilliant. I did just as the wizard asked and this is what I got:



Challenge update failures for in order

acme: error code 403 “urn:ietf:params:acme:error:unauthorized”: Incorrect TXT record “1_IGqtENjNs5NwNuAdo_D8gg7aQ0zTHm5q3aAb_A5EY” (and 1 more) found at

How do I fix this please? Or is this not an error?

And if this is not an error, why is SSL Shopper / Cloudflare pointing to an expired certificate?

Please try a few different Encryption modes · Cloudflare SSL/TLS docs if that doesn’t help then try Troubleshooting Universal SSL · Cloudflare SSL/TLS docs
Hope this helps.

There’s not that many. If the OP does not use SSL, it should be Off, otherwise Full Strict.

I have tried all modes, removed the domain from Cloudflare and added it back in and nothing works. If I pause Cloudflare, the site comes back up.

My Edge certificate still shows as Pending. Its been few hours since I added the domain and I cannot see how to speed it up. But this will affect what’s going on? - See image for details. I can’t see anything obviously wrong, except it has been saying Pending validation since I added the domain few hours ago.

My hosting support team are telling me that Cloudflare is somehow still referring to an expired Let’s Encrypt certificate. Not sure how I can verify this. They are also suggesting I switch the nameservers to their servers for 24 hours and switch it back. Will this make a difference?

Both of those seem like nothing but time wasters.

I was going to ask you to check you Cloudflare DNS for the two TXT records, but your whois indicates that your Cloudflare account is not currently active.

Your Cloudflare edge certificate will never issue as long as your whois shows the following nameservers are assigned at your registrar:


You must use the assigned Cloudflare nameserver pair and only the assigned Cloudflare nameservers in order to acquire your Universal SSL certificate.

Once you are using your assigned Cloudflare nameservers, it will possible to continue troubleshooting.

1 Like

I came across a detail that might shed some light on what is happening here,

Can you look in your Cloudflare DNS to see if you have NS records created for

It appears there is some Greengeeks documentation that suggests delegating _acme-challenge records to their nameservers. They may have written it with good intentions before Cloudflare was using Let’s Encrypt and DNS-01 challenges in their Universal SSL issuance, but following those guidelines will break your Cloudflare Universal SSL with absolute certainty.

If Greengeeks has an option that allows for self-service installation of an SSL certificate, you may want to install a Cloudflare Origin CA certificate.

1 Like

That’s generally not a good idea, as you will make your site insecure if you switch to the legacy modes. Make sure you are on Full Strict. As for the issue →

1 Like


I did have the Cloudflare’s nameservers in place before Greengeek’s support team instructed me to change it. They also asked me to disable proxy for the A record, which I did. And as you say, its a wasted exercise as I knew the website works if you remove Cloudflare servers from the registry and disabling the proxy makes no visible difference. Anyway, I am the mercy of people who know better - so have to jump through their hoops.

Within Cloudflare, these are my DNS settings:
I have repointed my Cloudflare nameservers now.

And I do have NS records for _acme-challenge in my DNS entries - see image above. Should I delete these? And yes, I can install the origin server certificate on my server.

But good news is that my website is up and running! Not sure how!

Now that my website is up, I realised I had a plugin on my wordpress website called Super Page Cache for Cloudflare. I have disabled this as I am worried it was clashes with Cloudflare’s settings. I had added this to increase performance on the website a while ago.

Now my SSLShopper is clean - SSL Checker (

But there is an issue reported by Let’s debug - Let’s Debug (

This is like a “Kill-the-mole-game” :rofl:

I understand how it could feel that way when you have been trying random actions in the hope of finding one that worked.

The NS records that delegate your _acme-challenge record to the Greengeeks nameservers are at the heart of this specific issue. Greegeeks suggests that configuration so they can use a DNS-01 challenge to issue Let’s Encrypt certificates for your origin. This conflicts with Cloudflare needing to do the same thing for your edge certificates.

Issuing a Cloudflare Origin CA origin certificate will prevent you from needing Let’s Encrypt on your origin. It will require you to keep the Cloudflare proxy active :orange: since it is only trusted by Cloudflare.

You have some other DNS entries that could stand some adjustment, but they are outside the scope of the topic at hand.

1 Like

OK. After a day, the problem has resurfaced and as expected changing the nameserver has had no impact.

I have now gone ahead and deleted the NS records from my DNS settings and installed Cloudflare’s origin certificate on my shared server.

Need I do anything else?

Also, my SSL certificate hasn’t still resolved itself. It still says Pending validation. This has been the case for the last 3 days.

See the settings here:

Also, your comment on optimising other DNS settings has me intrigued. I will open another request - but ask for optimisation feedback on my DNS settings.

Thank you

1 Like

It is set to Full Strict.

1 Like

My website is up. My SSL certificate and backup certificate has been issued. I am hoping the Edge certificates will get renewed automatically and all will be well.

Thank you for all your help in this matter. Every single comment made me understand the issues a bit better.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.