The site is down if the CNAME is created and the certificate remains in pending validation
What is the error message?
The edge certificate (Let’s Encrypt provided by Cloudflare) is stuck in pending validation
What is the issue you’re encountering
After the CNAME record was created in the DNS (and the A record was deleted), the edge certificate was stuck in pending validation for several hours.
What steps have you taken to resolve the issue?
The issue is not solved. The customer needed to roll back as the site is in production (e.g. it is not a test site).
What feature, service or problem is this related to?
DNS not responding/updating
What are the steps to reproduce the issue?
We tried to change the proxy status from proxied to DNS, waited for at least a minute, and then moved the proxy status back from DNS to proxied.
We disabled universal SSL and re-enabled it after at least one minute.
Hi,
Now I resumed the DNS record (within Cloudflare) from Proxied to DNS only.
What is the right checklist for onboarding a new domain such as f2agilenet.f2a.biz?
Disable DNSSEC at your registrar first. Without doing that, the change of nameservers will mean your domain will not resolve for DNSSEC using resolvers, or allow the issuing of your Universal SSL certificate.
The end customer replied to me: “sorry but it’s not possible, DNSSEC is set as security, I can’t disable it.
Furthermore, DNSSEC is also active for F2D.BIZ domain (e.g. another domain managed in Cloudflare), you can check it too”
Could you please summarise, in order, the steps for onboarding a domain (partial with CNAME) in Cloudflare?
I need to clarify them to the end customer.
Thanks.
Edge certificate in Pending validation after adding the CNAME
What is the issue you’re encountering
The Edge certificate remains in Pending validation after adding the CNAME
What steps have you taken to resolve the issue?
We have tried to switch the proxy status from Proxied to DNS only and then again from DNS only to Proxied (we waited for 1-2 minutes between the operations).
After step 1, we disabled and re-enabled the Universal SSL service (we waited for 1-2 minutes between the operations).
Was the site working with SSL prior to adding it to Cloudflare?