Hi,
We really appreciate all those great contributions from all community members.
We really can’t find a solution right now.
We do have an active subscription to the Advanced Certificate Manager.
Usually the case is that Total TLS issues new certificates to any proxied hostname (Edge Certificates)!
We have mixed up some IPv4 addresses in our DNS A-level entries.
We had entries like this:
sub.subdomain.example.com - 1.2.3.4
sub.subdomain2.example.com - 1.2.3.4
We have updated all DNS entries right now, waited 36 hours - right now all DNS entries are correct on Cloudflare's dashboard.
sub.subdomain2.example.com - 3.4.5.6 (update of IPv4)
Problem
Not all proxied hostnames in our DNS records receive a Total TLS (edge) certificate.
What we did so far:
- Purged the cache.
- We have disabled Total TLS for around 4 hours, then enabled it again.
Still, not all proxied hostnames are receiving a Total TLS (edge) certificate.
sub.service2.example.com - 3.4.5.6 won’t receive a Total TLS (edge) certificate.
Any ideas on what else to do are very welcome!
Again, thanks all of you!
Does the impacted hostname appear on the Edge Certificates section of the dashboard at all?
Did you previously have a certificate for this hostname through Total TLS? If you deleted it manually, then Cloudflare assumes you want to exclude it from Total TLS in the future.
Hi @michael,
thanks for your response!
Did you previously have a certificate for this hostname through Total TLS?
Yes. We had.
If you deleted it manually, then Cloudflare assumes you want to exclude it from Total TLS in the future.
We did delete this entry manually. Afterward, we tried to disable / enable Total TLS. You are right.
How to re-include these entries @cloonan and @michael?
Many thanks!
Hi Community Team @cloonan,
We did delete Total TLS entries manually. This, as mentioned in our community discussion here, means we have excluded some DNS entries from being issued by Total TLS.
Question that still no one has answered: How to re-include these entries?
Maybe @michael has an answer?
Therefore, it would be great to get a solution from the Community Team before this ticket is closed.
Many thanks!!!
P.S. Through the API call, this is the response @michael @cloonan:
{"success":true,"errors":[],"messages":[],"result":{"enabled":true,"certificate_authority":"lets_encrypt","validity_period":90,"status":"enabled"}}
We still have this problem.
We deleted all entries and waited one week.
After adding back “A entries” again, we still do not get Edge Certificates issued by Total TLS for those entries.
Really no idea @michael or @cloonan?
What is the name of the domain?
None I’m afraid. Trying to find somebody who can definitively answer.
This would be really helpful if you can point someone to this thread! Many thanks!
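An added example, not part of any post in this thread: one way to answer "does the impacted hostname appear on the Edge Certificates section" for many records at once is to compare the proxied DNS names against the hosts of active certificate packs. The sample data below is constructed, and the field names (`name`, `type`, `proxied`, `hosts`, `status`) are assumptions about how the two listings were exported.

```python
import json

# Constructed sample data (not real API output); field names are assumptions.
DNS_RECORDS = json.loads("""[
  {"name": "example.com",                "type": "A", "proxied": true},
  {"name": "www.example.com",            "type": "A", "proxied": true},
  {"name": "sub.subdomain.example.com",  "type": "A", "proxied": true},
  {"name": "sub.subdomain2.example.com", "type": "A", "proxied": true},
  {"name": "mail.example.com",           "type": "A", "proxied": false}
]""")
CERT_PACKS = json.loads("""[
  {"hosts": ["example.com", "*.example.com"], "status": "active"},
  {"hosts": ["sub.subdomain.example.com"],    "status": "active"},
  {"hosts": ["sub.subdomain2.example.com"],   "status": "pending_validation"}
]""")


def covers(cert_host, hostname):
    """True if a certificate host entry covers the hostname.

    A wildcard matches exactly one label, so *.example.com covers
    www.example.com but neither example.com nor a.b.example.com.
    """
    cert_host = cert_host.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if cert_host.startswith("*."):
        suffix = cert_host[1:]  # ".example.com"
        if not hostname.endswith(suffix):
            return False
        label = hostname[: -len(suffix)]
        return bool(label) and "." not in label
    return cert_host == hostname


def uncovered_hostnames(records, packs):
    """Proxied hostnames that no *active* certificate pack covers."""
    active_hosts = [h for p in packs if p.get("status") == "active"
                    for h in p.get("hosts", [])]
    proxied = sorted({r["name"] for r in records
                      if r.get("proxied") and r.get("type") in ("A", "AAAA", "CNAME")})
    return [n for n in proxied if not any(covers(h, n) for h in active_hosts)]


if __name__ == "__main__":
    for name in uncovered_hostnames(DNS_RECORDS, CERT_PACKS):
        print("no active edge certificate covers:", name)
```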