Issue with DNS propagation / DNSSEC issue


I have some issue with DNS propagation on domain, it is stuck in half way and I cannot request SSL (on another service). Probably person who was transferring domain forgot to disable DNSSEC before domain transfer.

What I should do? (since DNSSEC is already disabled on Cloudflare) is not proxied and requests go direct to your origin. However, your origin certificate is for * Ignoring that, I can connect ok. You need a certificate for *

curl -Ivv
*   Trying
* Connected to ( port 443 (#0)
* Server certificate:
*  subject: CN=*
*  start date: Jun 12 00:00:00 2023 GMT
*  expire date: Jun  5 23:59:59 2024 GMT
*  subjectAltName does not match
* SSL: no alternative certificate subject name matches target host name ''
* Closing connection 0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name ''

curl -I --insecure
HTTP/2 200
content-type: text/html; charset=UTF-8
link: <>; rel=""
link: <>; rel="alternate"; type="application/json"
link: <>; rel=shortlink
cache-control: no-cache, must-revalidate, max-age=0
x-cacheable: yes
etag: "1231-1700158094;;;"
x-litespeed-cache: hit
date: Fri, 17 Nov 2023 09:57:44 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

SSL can be requested only via web interface and can probably happen only after fixing “DNSSEC validation failure”

That’s a separate problem. You will need to add the DS records at your registrar.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.