I created an Universal SSL certificate, in edge certificates, for my domain. But I have lost tokens returned while in “pending_validation” status, and now I cannot create the TXT record needed for DCV process.
I tried to recover this values through API call " Get Certificate Pack"; but no DCV values returned since certificate is “active”
If you’re using a full setup (you changed your nameservers to point to Cloudflare, only option for free and most likely what you’re doing), Cloudflare will automagically create the necessary DCV Text Records (hidden from you in the dashboard) and do everything for your universal to be issued. If it’s active, it means it’s already passed issuance and it’s ready to go.
After viewing your comment I continued investigating my problem. It araised when starting a Swag Docker container in my server. I got an error that said that could not find a TXT record to confirm domain ownership. I did not pay enough attention to other message saying that default propagation time was 10 seconds! Although in the message also refered to dns-cloudflare-propagation-seconds, in the compose file I used to start service I had to use PROPAGATION environment variable. I increased to 60 seconds and now is working.
So thanks again for your help. It helped me to change the focus of attention to the real problem.
Finally I want to point out one thing: while looking for information in Couldflare developers pages, I found that those TXT records should be manually created, and are only available while certificate is in pending validation state. It seems a contradiction to the fact that are automatically created (and not visible). Here is the article:
It sounds like to me you’re confusing the Universal Certificate Cloudflare issues and manages for you, with your own certificate issued via Let’s Encrypt/Certbot, automated using Cloudflare DNS.
Cloudflare issues you an Edge Universal Certificate, for which they manage and you can’t download the private key of/use yourself. The SWAG Container looks to use Let’s Encrypt to issue you a certificate you can use locally, and it uses Cloudflare DNS API Integration to create the records for you.
User ← Edge Certificate → Cloudflare ← Origin Certificate (which SWAG issues you one for via Let’s Encrypt → Origin
Both ends need to be secure. The Universal Certificate is automatic, and any origin certificate you need would require some action (like when using Let’s Encrypt, creating those dns records manually or through an integration)