Edge SSL Certificates pending validation (Even after changing the Domain Registrar))

seopirates · June 21, 2023, 1:22pm

Answer these questions to help the Community help you with Security questions.

What is the domain name?
Hidden

Have you searched for an answer?
I checked many answers, but none worked. They have almost the same 2-3 answers.

Please share your search results url:

When you tested your domain, what were the results?
It’s been showing same SSL error for a few months.

Describe the issue you are having:
The SSL certificate section always shows pending validation, even after changing domain registrar.

What error message or number are you receiving?
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

What steps have you taken to resolve the issue?

Disabling/Enabling global SSL,
The domain registrar changed,
CF account change or tried with different CF nameservers.

Was the site working with SSL prior to adding it to Cloudflare?
Yes.

What are the steps to reproduce the error:

Just visit [Hidden]

Have you tried from another browser and/or incognito mode?
yes.

Please attach a screenshot of the error:

Chaika · June 21, 2023, 1:27pm

Thanks for including your domain name!

https://dnsviz.net/d/redacted/dnssec/

; EDE: 9 (DNSKEY Missing): (no SEP matching the DS found for redacted.com.)

Your DNSSEC Configuration is broken.

It looks like you had DNSSEC Set up at your old DNS Host. Not all DNS Resolvers validate DNSSEC, some ISP-operated Resolvers don’t, but most Public ones and Certificate Providers do, which will prevent them from resolving your site/issuing a certificate.

You’ll want to either outright disable DNSSEC, or enable DNSSEC with Cloudflare and update your DNSSEC configuration with the information Cloudflare gives you:

These changes to your DNSSEC Configuration can be done at your Registrar, Sav.com.

After you make these changes to fix your DNSSEC Configuriation, the certificate issuance should retry after a bit and succeed. You can use the dnsviz.net site and click “Update Now” to confirm you fixed the issue, no “BOGUS” status/notices should appear.

seopirates · June 21, 2023, 1:50pm

It worked. Thanks

Please remove the mention of my domain name from your answer. [its mentioned 2 times]

It starts showing here and there, like on Google results.

seopirates · June 22, 2023, 3:29pm

@Chaika

Please remove the domain’s mention from the answer above.

system · June 25, 2023, 3:29pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.