Pending Nameserver update (after 48hrs)

Hello,

I added a new site (nowimmigration.ca) to my account on June 9, 2020, and changed nameservers from Go daddy to Cloudflare. After 48 hours it is still saying Pending Nameserver update on Cloudflare. I did re-check a few times but nothing happens.

So, I removed the site and added it again but still the same thing. Any suggestion?
I contacted go daddy already on June 13 to confirm nameserver change. They even emailed me on June 10 to confirm.

It looks like it has DNSSEC enabled. You need to turn this off before you change name servers.

There was no option to turn off. So, I saved a copy and deleted the DNSSEC inside go daddy.
DO I need to add this back once everything is complete?
Will cloud flare automatically detect the change or I need to re-add the site?

Thank you.

DNSSEC: unsigned

That should do it. The Pending should clear, but you can click the “Recheck name servers” again and that might hurry it up.

No, definitely not. If you want to continue to use DNSSEC, which I personally would recommend, enable Cloudflare’s DNSSEC and add those records.

1 Like

Recheck option no longer available on Overview. Overview page is blank. I guess wait until its cleared.

1 Like

Thank you

Just got confirmation from Cloud flare. Site added to account.

2 Likes

If Cloudflare is on, website shows error: Too many redirects and can’t access wordpress back end.
I am not using Flexible SSL but when cloud flare is on it shows me cloud flare certificate.

If cloud flare is off, website works fine and shows the ZeroSSL.

I removed the site from CF. Any suggesting? It started after namerserver process completed.

You need to change SSL mode from Flexible to Full (Strict).

With Flexible Cloudflare makes all requests to the origin over HTTP. But you are redirecting from HTTP to HTTPS on your origin, which is causing the loop. As you have a valid cert on your origin Full (Strict) is the appropriate setting.

1 Like

SSL option is set to off inside CloudFlare. I am not using CloudFlare Flexible SSL. My SSL is issued bu ZeroSSL.

Do you want me to turn on SSL and set it to Full Strict option ?

Since your site is no longer on Cloudflare, we can’t help troubleshoot this. Just make sure it’s set to Full (Strict) when you put it back on Cloudflare.

1 Like

Is there a special reason you want the ZeroSSL certificate?

There are only two ways to present your own certificate to the user.

  1. Upgrade to a Business or Enterprise plan and upload and manage a custom certificate.
  2. Change from :orange: to :grey:, effectively only using Cloudflare for DNS, and with no access to any other services for that host name.

The most recommended setup is to use the Cloudflare issued cert facing the user, a valid (publicly trusted, in date etc.) certificate on your origin, and SSL mode Full (Strict), and :orange: hostnames.

My assumption was you cant take payments using stripe or other on Flexible SSL since its only encrypted from browser to Cloudflare server. Thats why I installed Zerossl (use to be freessl).

I could not find an option to buy just ssl from cloudflare that is end to end encrypted. My knowledge in this subject is limited (learning).

Full (Strict) is end-to-end encryption. The web server end uses your ZeroSSL certificate, and the browser end uses the Cloudflare SSL certificate.

1 Like

To be nitpicking :slight_smile: it still is not real end-to-end encryption as the data will always be decrypted on Cloudflare’s side.

But yes, @paulswebca, only the two Fulls encrypt on the second leg as well, with “strict” being the only really secure method which cannot be broken without compromising certificate authorities as well.
Bottom line, don’t choose anything else than “Full strict” (or “Off” if you don’t want SSL).

4 posts were merged into an existing topic: Way to spoil the fun…

Added the site back.

  • If SSL is set to off then I see “too many redirect error”.
  • Setting the SSL to Full (Strict) fixes it.
1 Like

Excellent. Full (Strict) is the ideal choice.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.