Custom hostnames certificate renewal process

For Workers & Pages, what is the name of the domain?

kompot.cloud

What is the issue or error you’re encountering

Hey, I have a few questions regarding custom hostnames renewal process.

What is the expected SSL status of a custom hostname during the renewal process? Will it remain ‘active’ or transition to ‘pending_validation’ until the renewal is completed?

During the renewal of a custom hostname SSL certificate, does Cloudflare initiate HTTP requests to ~/.well-known/cf-custom-hostname-challenge/{token} for validation, similar to the initial certificate issuance?

If so, is the token used for renewal the same as the one generated during the initial issuance, or is a new, unique token created for each renewal?

I haven’t used it a lot; however, from what I can remember, during the renewal process the status is expected to go to pending_validation by default, temporarily. If we have an existing SSL certificate, the website should still be accessible with the current SSL certificate while the renewal process is happening and the certificate is valid. Once completed, it’ll be in active status.

Otherwise, if somehow stuck in the process, you’d for sure notice this, no doubt.

Cloudflare generates a new, unique token for the SSL certificate renewal process, and it is not the same as the initial one, which, my best guess, happens due to the token lifecycle process that Cloudflare has implemented.

May I ask if it’s related to the SaaS feature, or?

Out of curiosity, are you perhaps concerned because you’re using TLSA/DANE-related DNS records for your custom domains (hostnames), which would get a new certificate issued in the near future?
