Prior to migrate


#1

Hello everyone, newbie here. Before to migrate my nameservers, I setup the assigned CF DNS on my mac and tried to reach the website to see that everything is fine. I noticed that it seems to flap: from time to time the website becomes unreachable:

  • on SAFARI: “safari can’t establish a secure connection”
  • on FIREFOX: SSL_ERROR_NO_CYPHER_OVERLAP error

My website supports Let’s Encrypt both on CF and serverside.


#2

I don’t think it’s your mistake, I have a website running for more than 2 years and suddenly today it’s been down for an entire day.

there is no one to contact. no support from CF side :confused:


#3

If you haven’t yet gone through the process of activating your domain through the dashboard then this is most likely due to the SSL certificate not having issued fully yet. This process won’t complete until you finalize the setup process and/or embed the required CNAME verification records.

I would suggest reaching out directly to our support team so that we can take a look at this for you and help you get the SSL certificate issued, or if it already is, look at why you are seeing this error intermittently. We can be reached 24/7 via support (at) cloudflare (dot) com, even at the Free level of service! :slight_smile:


#4

Hello Martijn, I contacted the support and the reply was:

“A 404 error is shown when the file doesn’t exist on the origin web server at the address that was entered in the web browser.” etc etc about 404

How does 404 would match my question? :unamused:


#5

@fab We have some auto-responders that look for certain keywords and try to answer common questions. If you reply back to that ticket (assuming you haven’t already) it should reopen that ticket and put it back in the active ticket queue.

But as Martijn mentions we don’t/can’t issue an SSL certificate for a domain until it has been moved to Cloudflare and we request one/receive it back from the certificate authority.


#6

Hi @cscharff, thanks for the clarification, which is useful for other people too.
I immediately replied to the ticket and it was automatically reopened.

The matter is that after 3 days I still get “AUTHORIZING CERTIFICATE”. I previously configured the NS servers until I got the error (about the day after) so I formally moved the domain to Cloudflare. Which procedure do you exactly refer to? Thank you and @Martijn for your kind support!


#7

Occasionally we’ll encounter an error with certificate authorities (sometimes for domains which trigger quasi-arbitrary security checks on the CA’s side or other issues). If a cert is pending for more than 24 hours definitely let us know and we can try to reissue the request or dig to determine if there is another issue which needs to be addressed.

On any given day we probably request 10k+ certificates and have been doing a lot of work to try to speed and improve the issuance process, but occasionally things can go sideways. Sorry you got stuck in on that.

If you’re still in that state definitely open a ticket and let us know you’re certificate is still pending and someone on the support team will take a look.


#8

Thx again. Theorically speaking, the ticket is there opened with the right matter. But the reply was not in scope… Can I please ask you to advice about ticket id 1361379? We can later add here the fix for general public benefit.


#9

Hi @fab I updated your support ticket with some additional info. I’m not in support, so I may not have time to update it today, but the support team should be able to respond if you have follow-up questions.


#10

at the end the solution is:

  • finalize migration of nameservers
  • go to DNS TAB and click on orange clouds, so they become grey, taking note of which A or CNAME you changed
  • check in CRYPTO TAB for the successful SSL authorization and eventually ask the support to manually force it
  • as the SSL is successfully authorized, revert back to orange the previously grayed A records or CNAMEs