Greeting,
Thank you for asking.
I am sorry to hear you are experiencing an issue with the Universal SSL certificate provisioning for your domain name.
I see an issue with DNSSEC for your domain name ivjn.us:
The DNSSEC is broken for this domain, which would prevent certificate validation.
You may have to fix your DNSSEC first.
May I ask how long? 24 hours or even longer?
Have you tried temporary Disabling Universal and re-enabling it from the Cloudflare Dashboard → SSL/TLS → Edge Certificate → scroll down to the section " Disable Universal SSL"?
If you open up the Developer Tools (F12) on the SSL/TLS → Edge Certificate page, it should also show the actual error which would be very useful to know.
I’d suggest you to write a ticket to Cloudflare support due to your domain issue and share the ticket number here with us so we could escalate this issue:
* Login to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button. If you get automatic reply, reply and indicate to it you need more help and reference to this topic
Or send an an e-mail tosupport[at]cloudflare[dot]comfrom your e-mail associated with your Cloudflare account
Kindly and patiently wait for the reply.
May I suggest below article for help and troubleshooting:
Community Tip - Best Practices For Certificate Provisioning
Thank you for feedback information.
From the WHOIS, I see Registrar Status: clientTransferProhibited, transferPeriod
Check if you have got the DNSSEC enabled at Cloudflare dashboard.
If yes, kindly disable it.
Therefore, I’d suggest you to write a ticket to Cloudflare support due to your domain issue and share the ticket number here with us so we could escalate this issue:
-
Login to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button. If you get automatic reply, reply and indicate to it you need more help and reference to this topic
-
Or send an an e-mail to
support[at]cloudflare[dot]comfrom your e-mail associated with your Cloudflare account
Thank you very much.
Thank you, I’ve escalated this.
I replied to the ticket. If you didn’t try to disable the DNSSEC option yet, please do so. Otherwise, let us know in the ticket and we’ll escalate it to the registrar team to remove the DS record manually.
This issue probably occurred because you tried to transfer your domain to Cloudflare without disabling DNSSEC first.
Hope that helps
We have raised the issue to our Registrar ticket to remove the DS records. Once that is removed the new DS records will be added and the dig for TXT record should not thrown SERVFAIL errors anymore.
Once that is resolved the certificate should become active.
Hi there,
This has now been resolved.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.