Dedicated Edge Certificate cannot renew

We have a Dedicated Edge Certificate that will expire in about 25 days. No custom hostnames. The status in the control panel is “Pending Issuance (Error)” with a red triangle.

If I try to place a dedicated certificate order, I get the message “You must complete domain control validation (DCV) for all hostnames on the Dedicated Certificate before placing an order. (Code:1414)”

How can I resolve this so the new certificate can be issued before the old one expires?

Thanks,

Are you on a partner setup?

No. Not on a partner set up.

In that case such a validation should not be necessary. What's the domain? And can you post a screenshot of the edge certificate screen?

I’d probably open a support ticket.

You said expiring, was the certificate already working? These should renew automatically without customer interference.

Domain is dustygroove.com

If I try to purchase Dedicated Certificate again:

Alright, the certificate seems to be in place. I wouldn't order anything at this point but open a support ticket and clarify what that status is supposed to mean.

However, why do you have a dedicated certificate in the first place? As far as I can tell the free Universal certificate should cover your use-case just as fine.

The reason we have a dedicated certificate is mostly “for appearances”.

Looks slightly more professional if users don’t see a bunch of other domain names if they look at the certificate.

We’ll contact support and we’ll re-enable the Universal if we don’t get this resolved before the expiration date. Thanks for looking into it!

Current Universal certificates shouldn't even be shared any more. Also, people don't tend to check certificates and those who do probably are aware of what SANs are.

Anyhow, as for your current certificate support is the best course of action but you seem to be already heading for that :slight_smile:

Thanks. That’s good to know! (Also we’re not experts, so part of it was probably “It’s fancy so it must be better”, lol.)

We really appreciate the insight. Thanks again. :smiley:

Following up with the resolution:

We had CAA “issue” records for CAs other than digicert.com, but not a CAA record for digicert.com. That had the expected effect of blocking Digicert.com (the CA Cloudflare uses) from issuing a certificate.

We added a CAA “issue” record for digicert.com to our DNS records.

ourdomain.com.  CAA 0 issue "digicert.com"

Then, we ordered a new Dedicated Certificate and it issued right away. Yay!

Here’s a list of the CAs that Cloudflare uses:

(edit: to add link to list of CAs)
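
The resolution above comes down to how a CA evaluates CAA records: once any "issue" record exists, only the CAs named in one may issue. The sketch below is an added example, not part of the thread and not Cloudflare's or DigiCert's code; it follows the RFC 8659 rules over a constructed zone, and `example.com` and `other-ca.example` are placeholder names.

```python
# Added example: RFC 8659 CAA evaluation over constructed records (no live DNS).
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_rrset(zone, name):
    """Climb from name toward the root; return the first non-empty CAA RRset."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def issuer_domain(value):
    """Issuer domain of an issue/issuewild value; parameters after ';' are dropped."""
    return value.split(";", 1)[0].strip().lower()

def may_issue(zone, hostname, ca, wildcard=False):
    """True if `ca` is authorized to issue for `hostname` under the CAA records."""
    rrset = relevant_rrset(zone, hostname)
    # An unrecognized property with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [v for _, tag, v in rrset if tag.lower() == "issue"]
    issuewild = [v for _, tag, v in rrset if tag.lower() == "issuewild"]
    # For wildcard requests, issuewild records (if any) replace the issue records.
    props = issuewild if (wildcard and issuewild) else issue
    if not props:
        return True  # no restricting property: CAA does not limit this request
    return ca.lower() in {issuer_domain(v) for v in props}

# Constructed zones: before the fix only another CA is listed; after, digicert.com too.
BEFORE = {"example.com": [(0, "issue", "other-ca.example")]}
AFTER = {"example.com": BEFORE["example.com"] + [(0, "issue", "digicert.com")]}

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, may_issue(zone, "www.example.com", "digicert.com"))
```

A zone with no CAA records at all permits every CA, which is why the problem only appears once "issue" records for other CAs have been added.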