Edge Universl Cert not validated | Redirect not working

Edge Universl Cert is still in the Panding Validation (TXT) stage even after 24 hours on the page added to Cloudflare - mrmrsmith.eu

I wanted to set up a redirection from mrmrsmith.eu to mrmrsmith.pl so as not to wait for the certificate and the redirection also doesn’t work

https://developers.cloudflare.com/fundamentals/setup/manage-domains/redirect-domain/

what should I do?

You need to disable DNSSEC at your registrar or set the values provided by Cloudflare.

DNSSEC off on OVH for mrmrsmith.eu

Then you need to contact your registrar as that is not working

Are you sure?

$ dig +dnssec +multi mrmrsmith.eu

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> +dnssec +multi mrmrsmith.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2036
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;mrmrsmith.eu. IN A

;; ANSWER SECTION:
mrmrsmith.eu. 300 IN A 104.21.89.121
mrmrsmith.eu. 300 IN A 172.67.141.223

;; Query time: 16 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Feb 14 10:54:38 CET 2024
;; MSG SIZE rcvd: 73

Again, you don’t have a valid signature and need to talk to your registrar

Thank you, I wrote to OVH. I received information that DNS SEC was disabled incorrectly.
The certificate was generated for mrmrsmith.eu

I have a question about this DNS SEC
I have 4 domains

mrmrsmith.pl
mrmrsmith.com
mrsmith.pl
mrmrsmith.eu

I have DNS SEC turned ON on the first 3 sites and I remember that I did not turn off DNSSEC when connecting the websites to Cloudflare and everything worked.

Should I have this DNS SEC enabled in OVH for all domains or disabled since I use them in Cloudflare?

Right, DNSSEC has been disabled, but it may still take up to two days to properly work.

However, if the certificate has already been issued, that should work now. Just make sure your encryption mode is Full Strict, otherwise there still is no encryption.

And you can certainly reconfigure DNSSEC if you want.

Full (strict) - is ON on all domains.

Ok, but what are the consequences of re-enabling DNS SEC or keeping them enabled for every domain connected to Cloudflare?

Will there be any problems with automatic renewal of certificates in 3 months when DNS SEC is enabled?

Then your encryption mode is correct.

As for DNSSEC, as long as that is a valid setup, there won’t be any issues with resolution.

I received information from OVH that DNSSEC has been successfully disabled.
Is this correct for the mrmrsmith.eu domain?

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.