How to re-activate Total TLS for deleted DNS record?


I purchased Advanced Certificates and activated Total TLS.

I used a Workers Route to hook a domain to a Worker and then noticed the DNS record I had previously entered for that domain seemed wrong/redundant, so I deleted it.

The domain then stopped working and I find I have fallen down this hole mentioned in the documents:

Deleting certificates

Once you enable TLS, be careful deleting any certificates associated with proxied hostnames.

If you do, our system assumes you want to opt that hostname out of Total TLS certificate and will not order new certificates for the hostname in the future. This behavior applies even if you delete and re-create the hostname’s DNS record.

So re-creating the DNS record does not solve the problem.

The domain is too deep for a Universal Certificate.

What can I do to recover the situation, please?

That article you are referencing is purely about deleting the certificate itself manually, not the DNS Record. I just tested deleting and creating a DNS Record myself with Total TLS, and it just removed and then recreated the Total TLS Cert without any issues.

If you did delete the Total TLS Cert itself, I don’t know of any way to get it to issue one again. You can just manually issue an Advanced Certificate though, with that hostname.


Thank you for clarifying and also testing. I guess it could have been DNS propagation delays but I will check again today and see if I can get it working. As a fallback I will create an Advanced Certificate as you advise. Thank you for your help, it’s much appreciated :+1:

Just to close this …

  • Now working.
  • Was not Total TLS as you correctly suggested.
  • Was wrong DNS configuration.
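
An added example, not part of the thread and not Cloudflare's code: a check that separates "no certificate covers this hostname" from "a certificate covers it, so look at DNS instead", the distinction the thread turned on. The certificate-pack records are constructed, and their field names (`id`, `status`, `hosts`) are assumptions about what a certificate listing contains.

```python
# Added example. CONSTRUCTED_PACKS is sample data, not output from a real zone;
# the field names "id", "status" and "hosts" are assumptions.
CONSTRUCTED_PACKS = [
    {"id": "pack-universal", "status": "active",
     "hosts": ["example.com", "*.example.com"]},
    {"id": "pack-total-tls", "status": "active",
     "hosts": ["v1.api.example.com"]},
    {"id": "pack-pending", "status": "pending_validation",
     "hosts": ["new.dev.example.com"]},
]


def san_matches(san, hostname):
    """True if one certificate name covers hostname.

    A leading "*." stands for exactly one DNS label, so *.example.com
    covers api.example.com but not v1.api.example.com or example.com.
    """
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if san.startswith("*."):
        head, _, parent = hostname.partition(".")
        return bool(head) and parent == san[2:]
    return san == hostname


def pack_covers(pack, hostname):
    """True if any name on the pack covers hostname, whatever its status."""
    return any(san_matches(s, hostname) for s in pack.get("hosts", []))


def covering_packs(packs, hostname):
    """Ids of active packs that cover hostname."""
    return [p["id"] for p in packs
            if p.get("status") == "active" and pack_covers(p, hostname)]


def diagnose(packs, hostname):
    """'covered': certificate is fine, check DNS and proxy settings next.
    'pending': a matching pack exists but is not active yet.
    'uncovered': nothing matches; a certificate naming the host is needed."""
    if covering_packs(packs, hostname):
        return "covered"
    if any(pack_covers(p, hostname) for p in packs):
        return "pending"
    return "uncovered"
```
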


