I’m having issues getting my Edge Certificate for my domain generated. It has been “authorizing” for more than a day. I’ve recently changed my Zone prior to requesting a cert, and it’s been 48 hours already and the site seems inaccessible over any SSL setting. I’m requesting for the free Edge Universal SSL cert.
I’m using strict SSL/TLS mode, and I’ve already tried disabling universal SSL, waited for 5 minutes, re-enabled it to make a new request. I’ve also used the API and the undocumented API param to change the CA provider to issue a Digicert Edge cert but nothing seems to work.
Can anyone take a closer look? I’m on a free plan and I’m limited to community help and unable to raise a support ticket. I’ve previously used the domain on CF, on a different account, and recently migrated to a different account.
EDIT: The NS and DNS work fine. The TXT validation records exist already (hidden from view).
That worked like a magic. DNSSEC was not enabled on my CF settings, but records have been configured at the registrar. Turned on DNSSEC in CF and confirmed it to be “Success!” and that got it provisioned.
Yes - if you leave DNSSEC configured from your previous DNS provider, your DNS responses will be invalid and any DNS resolver that validates DNSSEC will fail. Certificate Authorities typically do validate DNSSEC when doing DV (Domain Validation) before issuing a certificate - so having invalid DNSSEC will stop a cert from being issued.
