Issues getting SSL/TLS Edge Certificates Provisioned


I’m having issues getting my Edge Certificate for my domain generated. It has been “authorizing” for more than a day. I’ve recently changed my Zone prior to requesting a cert, and it’s been 48 hours already and the site seems inaccessible over any SSL setting. I’m requesting for the free Edge Universal SSL cert.

I’m using strict SSL/TLS mode, and I’ve already tried disabling universal SSL, waited for 5 minutes, re-enabled it to make a new request. I’ve also used the API and the undocumented API param to change the CA provider to issue a Digicert Edge cert but nothing seems to work.

Can anyone take a closer look? I’m on a free plan and I’m limited to community help and unable to raise a support ticket. I’ve previously used the domain on CF, on a different account, and recently migrated to a different account.

EDIT: The NS and DNS work fine. The TXT validation records exist already (hidden from view).

Zone ID: 5d73dfe1877e5da576ca8ce8e2916e28

Have you checked DNSSEC for your domain?

Enter your domain into the tool above and fix any issues.

1 Like

That worked like a magic. DNSSEC was not enabled on my CF settings, but records have been configured at the registrar. Turned on DNSSEC in CF and confirmed it to be “Success!” and that got it provisioned.

1 Like

Yes - if you leave DNSSEC configured from your previous DNS provider, your DNS responses will be invalid and any DNS resolver that validates DNSSEC will fail. Certificate Authorities typically do validate DNSSEC when doing DV (Domain Validation) before issuing a certificate - so having invalid DNSSEC will stop a cert from being issued.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.