Getting lots of emails saying "Domain Control Validation (DCV) has failed"

Two days ago I received an email alert from Cloudflare saying:

The certificate with the ID xxx belonging to Zone ID yyy has been deployed to Cloudflare’s edge. The certificate’s status is now active.

We’re not aware of doing anything to precipitate that message.

Straight after receiving that email I started getting more email alerts from Cloudflare all saying:

Domain Control Validation (DCV) has failed for the certificate with the ID zzz belonging to Zone ID yyy. The DCV method is currently set to txt.

In other words the first email referenced one certificate ID, and the subsequent emails all reference a separate certificate ID (the same one in each email), though the zone ID is the same in each case.

I’ve so far had about 45 of these same email alerts at all times of the day.

The only thing we did recently in the DNS settings in our Cloudflare account was to add a new TXT type record in mid-September to rectify a problem where our website was failing a check taking credit card payments, but that seemed to go fine and it’s only some six weeks later that I started getting these email alerts.

Does anyone know what the emails mean or if this is important?

Thanks
Richard

That sounds like the type of message that goes out on a Cloudflare Partner setup. This is when you have a CNAME that points to hosting that uses Cloudflare. Is this the type of setup you have?

Hi,
Thanks. Do you mean a CNAME record in some other hosting (outside of Cloudflare) that points to Cloudflare?
Within Cloudflare we have five CNAME records, but I’m not sure if we have any elsewhere.
The email goes on to say “If the DCV method is set to TXT [which it has said is the case], please be sure to update your zone’s name servers at the registrar to the name servers assigned to your zone in the Cloudflare Dashboard or manually add this DNS TXT record to your authoritative DNS provider.”
I don’t know though which record is being referred to by the email as it only talks about the certificate by its ID and I don’t know how to look up records by ID. We have about 40 DNS records in Cloudflare.
What is a “zone”?
We haven’t changed anything as far as we know so we don’t understand why suddenly these emails have started coming.
Thanks, Richard

Yes, that’s what it sounds like.

A “Zone” is your domain in the Cloudflare dashboard.

It could be that a certificate is nearing expiration and this third party wants you to add a TXT record.

On the other hand, there’s a slight chance this is a scam and someone is trying to generate a bogus certificate with your domain’s name on it.

You can start looking around your domain(s) here. The Zone ID is in the right column of the Overview page for your domain. And, of course, see if you can contact any of the services your CNAMEs point to and ask about this.

I’m getting lots and lots of these also. Not on a partner, partial or other funny setup. I opened a ticket, as several were for domains with Universal disabled so no cert should be issued at all. @TKlein was involved in the ticket, which never really got resolved. I’m still getting lots of emails about the same thing.

I’ve also seen them occasionally with the initial Pages Custom Domain cert. But those have always been one off, not the repeated DCV messages every hour.

Just check the domain in question has a valid cert which is not due to expire soon. Then you can ignore the emails if the existing certs have plenty of time left. I think the messages are due to some backend work to reissue certs, and not really indicative of an issue.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.