Custom hostname certificate status is in pending state

What is the name of the domain?

subdomain.exampe.com

What is the issue you’re encountering

Custom Hostname Certificate Validation status

What steps have you taken to resolve the issue?

DCV Delegation is done, necessary TXT record or HTTP token is already in place.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full (strict)

Custom hostname certificate status is in “Pending Validation (HTTP)”, eventhough the HTTP token is in place and DCV Delegation added

If it’s 1st level sub-domain, it should be covered by the Universal SSL.

May I ask if the DNS record for subdomain is proxied :orange: ? :thinking:

Is the main (root) domain still active and using Cloudflare nameservers?

Is DNSSEC enabled or have you had it since before?

Did you used some 3rd-party service integrator and using CNAME setup, otherwise maybe you’re using service(s) from a Cloudflare partner such as Dreamhost, etc.?

It’s not 1st level sub-domain, it’s something like sub1.sub2.example.edu.ca

May I ask if the DNS record for subdomain is proxied :orange: ?

Yes, it’s proxied

Is the main (root) domain still active and using Cloudflare nameservers?

webapps.com is a main root domain registered and hosted on Cloudflare. app1.webapps.com CNAME to app1.netlify.app and sub1.sub2.example.edu.ca CNAME to app1.webapps.com.

sub1.sub2.example.edu.ca CNAME to app1.webapps.com
app1.webapps.com CNAME to app1.netlify.app

DNS for sub-domain is proxied.

Is DNSSEC enabled or have you had it since before?

DNSSEC is enabled and is working. We are using Cloudflare just for this use case to have DNSSEC on the sites hosted on Netlify. We were able to verify the cert before and status was verified.

Starting few day back, I’m seeing pending validation status. The strange thing is the certification validation record is already either HTTP way or TXT method.

http://sub1.sub2.example.edu.ca/.well-known/acme-challenge/uubahshyu272727sjsusjsj points to the expected value.

_acme-challenge.sub1.sub2.example.edu.ca points to the expected TXT value.

We have Advanced - Total TLS

What is the name of the domain?

exampe.com

What is the issue you’re encountering

Tickets automatically gets closed without any response

What steps have you taken to resolve the issue?

Emailed to the support ticket email. Raised the same case again as I did’t get any response for the previous ticket for more 2weeks or so.

What are the steps to reproduce the issue?

I’ve noticed that support tickets are automatically closed without any response, and the link provided in the email to view the support case (e.g., https://www.support.cloudflare.com/support/s/case/5008e8ejdjjjejejeje) doesn’t seem to work. Additionally, replying to the email doesn’t appear to have any effect.

Does anyone know if there is a defined response SLA for Pro Plan customers?

Case Nos: 01355186, 01374918

Note that except for billing and account-related issues, Cloudflare is primarily a self-service platform even at the highest plans.

Can you describe the problem for which you raised these tickets? If it’s a technical issue with your site, community members may be able to assist you. Otherwise, this will help guide any possible escalation of your tickets.

There’s none, not even on the Business plan: https://www.cloudflare.com/plans/

The Business plan has 100% Uptime SLA, but only Enterprise customers have an initial ticket support response time guarantee.

Thanks for clarifying that there is no set response sla for the tickets even on Business plan.

Can you describe the problem for which you raised these tickets? If it’s a technical issue with your site, community members may be able to assist you. Otherwise, this will help guide any possible escalation of your tickets.

I have posted in the community forum, let me wait for the community help.

I think it would be best to remove the mention of ticket support being available in the “Pro” plan, as it’s causing confusion. Forget about the SLA—there’s been no response to a ticket submitted two weeks ago, which makes it seem like support tickets aren’t functional. It’s clearer to just remove that statement from the plan feature breakdown.

May I ask if this sub-sub domain is covered with a valid SSL certificate at your origin server? :thinking:

Furthermore, for this proxied :orange: and covered with Cloudflare’s Universal SSL certificate with Full (Strict) SSL setup, I am afraid you’d have to use Advanced Certificate Manager and purchase it for $5:

Following the instructions to create/order the SSL certificate to cover such deep-level sub-domain

Furthermore, for this proxied :orange: and covered with Cloudflare’s Universal SSL certificate with Full (Strict) SSL setup, I am afraid you’d have to use Advanced Certificate Manager and purchase it for $5:

We have purchased ACM and currently this sub-sub domain is covered with valid ssl

Does this domain(or its parents) have any CAA records?

No CAA records for sub1.sub2.example.edu.ca or sub2.example.edu.ca or example.edu.ca.

`

The certificate was provisioned by Cloudflare few months back via Cert TXT validation and DCV Delegation.
Now the certificate expires in 10days and status is in Pending

Can you share the actual domain?

HTTP domain control validation (DCV) · Cloudflare for Platforms docs.

Please make sure your target record is proxied.
I’ve responded to your ticket. Please follow up there if you have further questions.

1 Like

Please take a look at the other custom hostnames which are already proxied but the status is in “Pending”. The one you have replied is not proxied because we had to put in DNS only mode because of the SSL issue.

If you look at the other domains, for all of them DCV text or TXT record already present.

I have shared the screenshot of the same in the email.

The validation is being blocked by one of your firewall rules. I have added more info in the ticket.

2 Likes

I see, thanks for helping. Let me check and remove the Country firewall rule

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.