Old SSL is causing validation issues with Cloudflare SSL (Pending Validation)


I have a client, who purchased their domain from domain dot com, and started the SSL process there.
After they couldn’t figure it out, they contacted me, and I’m moving it to Cloudflare. I’ve always had it work perfectly. However, since the old SSL is there, I am getting the “Pending Validation”.

I’ve read all the articles, tried all the disable/enable, etc. I tried the greycloud/orange cloud changes, and still no impact. I’m somewhat technical, but feel lost on this one.

Domain dot com support is nonexistent, as I was hoping to disable the DNSSEC there.

I saw an article on Cloudflare community that it is DNSSEC, which makes sense. The solution was that a ticket was created, and the Cloudflare support was able to ‘cancel’ the old Let’s Encrypt SSL, and then the Cloudflare edge SSL (also Let’s Encrypt) validated. I don’t have a business account, so I can’t create a ticket.

The domain is mach2plus dot com. The NS is currently NOT pointed to cloudflare.

I’m working on it, but does anyone have any ideas besides what I already tried?


When did they do this? The name servers were with Google until 21 days ago, and the domain seems to have been in continuous use for more than a decade.

With broken DNSSEC the domain is completely unreachable. Certificates cannot be validated as you have no way to prove to a Certificate Authority that you control the domain (they have literally been instructed through not to trust any of the data they are getting from DNS.)


You have to resolve this issue with your Registrar, who is domain.com.

The ‘Old SSL’ is not an issue.

Hi Michael, Thank you.

You are correct, they transferred it TO domain dot com, and yes, about 21 days ago.
Thanks for your DNSSEC info as well.

I’m not sure what step I need to take? I’ve read up the other community articles and I’m stuck in ‘not sure’ mode.

How do I resolve this issue with Domain dot com? Not sure what to ask.
I have access to the account, the name servers are back to default (domain dot com) and I have control over the DNS.

Just not sure what to do. Domain dot com support is nonexistent, help articles only, none on this.


Hi Michael,

Domain dot com replied, they are ‘cancelling’ the SSL. 24 hours. I’ll check back in when I have an update.
Thanks again for your support.


Delete the DS record with your Registrar.
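
The check behind the replies above, as an added example that is not part of the original thread: it compares the DS records the parent zone hands out (`dig +short DS <domain>`) with the DNSKEY records the current name servers serve (`dig +short DNSKEY <domain>`), using the RFC 4034 key tag and DS digest. The owner name `example.test` and all record values are constructed, and the function names are hypothetical.

```python
import base64
import hashlib

DIGESTS = {"1": hashlib.sha1, "2": hashlib.sha256, "4": hashlib.sha384}  # DS digest types

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA in wire form: flags(2) | protocol(1) | algorithm(1) | key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B."""
    ac = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (ac + ((ac >> 16) & 0xFFFF)) & 0xFFFF

def wire_name(name):
    """Owner name in canonical wire form (lowercase, length-prefixed labels)."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_digest(owner, rdata, digest_type):
    """DS digest: hash over owner name followed by the DNSKEY RDATA."""
    return DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()

def chain_status(owner, ds_lines, dnskey_lines):
    """Classify a zone from `dig +short DS` (parent) and `dig +short DNSKEY` (child) lines."""
    if not ds_lines:
        return "insecure: no DS at the parent, resolvers treat the zone as unsigned"
    keys = []
    for line in dnskey_lines:
        flags, proto, alg, *b64 = line.split()
        rdata = dnskey_rdata(int(flags), int(proto), int(alg), "".join(b64))
        keys.append((key_tag(rdata), int(alg), rdata))
    for line in ds_lines:
        tag, alg, dtype, *digest = line.split()
        want = "".join(digest).upper()
        if dtype in DIGESTS and any(
                t == int(tag) and a == int(alg) and ds_digest(owner, r, dtype) == want
                for t, a, r in keys):
            return "secure: a DS record matches a published DNSKEY"
    return "bogus: DS at the parent matches no DNSKEY served by the current name servers"

# Constructed sample data, not taken from any real zone.
OWNER = "example.test"
CURRENT_DNSKEY = "257 3 13 " + base64.b64encode(bytes(range(64))).decode()
STALE_DS = "2371 13 2 " + "AB" * 32  # left at the registrar by the previous DNS host

if __name__ == "__main__":
    print(chain_status(OWNER, [STALE_DS], []))                # new host does not sign
    print(chain_status(OWNER, [STALE_DS], [CURRENT_DNSKEY]))  # new host signs with another key
    print(chain_status(OWNER, [], []))                        # after the DS is deleted
```

A "bogus" result is the state in which validating resolvers, including a Certificate Authority's, return SERVFAIL for the domain; removing the DS at the registrar moves it to "insecure", where lookups work again.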

