Edge Certificates - Pending Validation (TXT)

I have read all the recommendation already, but nothing helped.

Edge Certificates is stucked on Pending Validation (TXT) for more than 24h

Domain: jslawglobe.com
Name servers: kehlani.ns.cloudflare.com & quinton.ns.cloudflare.com
DNS: All A records are “proxied”, ie orange cloud. All MX and TXT are DNS only.
I only have A, MX and TXT. I don’t have CNAME.
My SSL/TLS encryption mode is “Full”

What have I tried?

  1. When I turn Clouflare off (grey cloud, ie not proxied), the SSL works fine. (if relevant, it uses autoSSL from cpanel)

  2. I tried to turn Universal SSL off, then wait 5 minutes, and back on

  3. Add the Validation TXT myself, but when I try to do that, it says “already exists” (although I cannot see them, as they are probably hidden"). But if I cannot see them, how can I be sure they have the right value? How to show them?
    However, when I check here the TXT doe not show. So maybe the auto system can not add it automatically for the same reason I cannot?
    DNS Lookup - Check DNS Records

  4. Wait for 24h

What I have not tried: use the API, because I don’t know how to do that.

I have the exact same setup for another domain (same hosting provider, but a different registrar) and it works great.

I increasingly believe that the problem is related with not being able to add the TXT record. I paste below a screenshot. See how it says that the record already exist, but it is not in the list.


Somebody, maybe you, has already figured out that DNSSEC is broken. I went to DNSViz, but someone already tested your domain ten hours ago:

I suggest that you disable DNSSEC at your domain registrar to get things headed in the right direction.

Thanks. But DNSSEC is NOT enabled on Cloudfare (see picture)
My registrar does not support DNSSEC and does not have an option to turn it off or on.

I suggest you double check with your domain registrar because your domain’s registration says DNSSEC is enabled:

% whois jslawglobe.com | grep DNSSEC
   DNSSEC: signedDelegation
   DNSSEC DS Data: 49211 8 2 EEE39935BA7E61FFAD077F04F6877495B659B1295712B2A67BD03F470EFE0F2F
DNSSEC: signedDelegation


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.