I cannot ensure my website's SSL security. 'pending validation txt' is probably because of this. Can you check what I can do about this?

Answer these questions to help the Community help you with Security questions.

What is the domain name?

Have you searched for an answer?
Yes, this is the same issue: #275052

Please share your search results url:

When you tested your domain, what were the results?
HTTPS is not enabled, because the cert is not yet validated.

Describe the issue you are having:
Edge SSL disappeared, and HTTPS cannot be accessed. Then I troubleshot (re-enabled Universal SSL) and got the “Initializing” process, which took very long too. Then I troubleshot (re-enabled Universal SSL) and now get pending validation TXT, which has lasted for 3 days. This process has still not progressed even after re-enabling Universal SSL. The notice has the text “No action is required”, but the process takes unnecessarily long.

What error message or number are you receiving?

Pending Validation (TXT)
Review Universal Certificate for *.abdillah.me, abdillah(dot)me
Cloudflare will validate the certificate on your behalf. No action is required.

What steps have you taken to resolve the issue?

  1. Disable Universal SSL, wait about 10 minutes
  2. Enable Universal SSL.
  3. See the status after a while.

Was the site working with SSL prior to adding it to Cloudflare?

What are the steps to reproduce the error:

  1. Enable Universal SSL
  2. See the Initializing process (it was taking two days too before I disabled and re-enabled the SSL).
  3. If lucky, see the Pending Validation TXT process.

Have you tried from another browser and/or incognito mode?
No browser issue.

Please attach a screenshot of the error:

Hi there,

If I query the TXT validation record that is expected I am seeing a SERVFAIL DNS response, meaning DNS resolution is not working as expected for your zone.

$ dig txt _acme-challenge.tahminet.app
; <<>> DiG 9.18.21 <<>> txt _acme-challenge.tahminet.app
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18776
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

A common cause of this is misconfigured DNSSEC, and I can see you have an invalid DS record configured at your registrar:

$ dig ds tahminet.app +short
65156 8 2 AC5AB4E587BFED69E0DDBDD21BC81F986A8860DE0AD853834A64DEF3 6322C4F4

Remove this DS record from your domain registrar. If you want to use DNSSEC, you would need to enable it via Cloudflare’s dashboard and then configure the DS record we give you at your registrar.

Once this is corrected, the DNS record will respond correctly and the CA will be able to complete DCV validation and issue the certificate.

Hope this helps!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.
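
The diagnosis in the reply above (SERVFAIL on the `_acme-challenge` TXT lookup, traced to a DS record at the registrar) can be scripted as follows. This is an added example, not part of the thread or any Cloudflare tooling: the function names and verdict labels are hypothetical, and it assumes the default resolver validates DNSSEC.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the default resolver validates DNSSEC.

# Extract the response code from dig's ";; ->>HEADER<<-" line on stdin.
status_of() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# classify STATUS STATUS_CD DS_TAGS DNSKEY_TAGS
#   STATUS      rcode from the normal (validated) query
#   STATUS_CD   rcode from the same query with +cd (validation disabled)
#   DS_TAGS     key tags of the DS records published at the parent
#   DNSKEY_TAGS key tags of the DNSKEYs the zone actually serves
classify() {
    st=$1; st_cd=$2; ds_tags=$3; key_tags=$4
    if [ "$st" != "SERVFAIL" ]; then echo "resolves:$st"; return 0; fi
    # Still failing with validation off: the cause is not DNSSEC.
    if [ "$st_cd" = "SERVFAIL" ]; then echo "servfail-not-dnssec"; return 0; fi
    if [ -z "$ds_tags" ]; then echo "validation-failure-no-ds"; return 0; fi
    for t in $ds_tags; do
        for k in $key_tags; do
            # DS points at a served key, so check signatures instead.
            if [ "$t" = "$k" ]; then echo "ds-matches-key:$t"; return 0; fi
        done
    done
    # A DS exists at the registrar but no served DNSKEY has that key tag.
    echo "stale-ds"
}

# Live check for one zone; needs dig and network access.
diagnose() {
    zone=$1
    name="_acme-challenge.$zone"
    st=$(dig txt "$name" | status_of)
    st_cd=$(dig +cd txt "$name" | status_of)
    ds=$(dig +short ds "$zone" | awk '{print $1}')
    keys=$(dig +cd +multi dnskey "$zone" | sed -n 's/.*key id = \([0-9]*\).*/\1/p')
    classify "$st" "$st_cd" "$ds" "$keys"
}

if [ "$#" -gt 0 ]; then
    diagnose "$1"
else
    # Constructed demo: DS key tag 65156 as in the reply, DNSKEY tag 2371 made up.
    classify SERVFAIL NOERROR "65156" "2371"
fi
```

A `stale-ds` verdict corresponds to the fix given in the reply: remove the DS record at the registrar, or replace it with the one the DNS provider issues after DNSSEC is enabled there.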