Received 50+ dcv failed email

received 50+ dcv failed email

two days ago we add a new domain received lot dcv failed email
i add this domain use full setup (changing nameservers)
ssl under normal circumstances should be done automatically
SSL/TLS Overview option is full
https://community.cloudflare.com/t/domain-control-verification-dcv-failed-for-the-certificate-with-id-belonging-to-zone-id-the-dcv-method-is-currently-set-to-http-morehelp/297039/4
and zone id is my id
https://community.cloudflare.com/t/many-domain-control-validation-dcv-has-failed-emails/353406
also under SSL/TLS Edge Certificates only have one certificate, without letsencrypt

|Certificate|Expiration||
| — | — | — |
|SHA256 RSA|2023-09-03(Managed by Cloudflare)|
Certificate Validity Period
3 months
Certificate validation method
TXT
Certificate Authority
Google Trust Services

email example:

Hello,
The Domain Control Validation (DCV) has failed for the certificate with the ID *** belonging to Zone ID ***. The DCV method is currently set to txt.
Since the DCV method is set to TXT, please be sure to update your zone’s nameservers at the registrar to the nameservers assigned to your zone in the Cloudflare Dashboard, or manually add a DNS TXT record to your authoritative DNS provider. For more help with changing nameservers, refer to https://developers.cloudflare.com/dns/zone-setups/full-setup/setup/.
You should also ensure that traffic to this hostname resolves to Cloudflare’s edge and that no Cloudflare firewall rules or page rules modify requests to the HTTP .txt file’s URL. For more help, visit https://developers.cloudflare.com/ssl/edge-certificates/changing-dcv-method/troubleshooting/.
If you want to change the current DCV method, follow the steps listed here: https://developers.cloudflare.com/ssl/edge-certificates/changing-dcv-method/
For any additional questions, visit our [Support portal](https://dash.cloudflare.com/?to=/:account/support).
Thanks,
The Cloudflare Team

Hello,
The Domain Control Validation (DCV) has failed for the certificate with the ID *** belonging to Zone ID ***. The DCV method is currently set to txt.
Since the DCV method is set to TXT, please be sure to update your zone’s nameservers at the registrar to the nameservers assigned to your zone in the Cloudflare Dashboard, or manually add a DNS TXT record to your authoritative DNS provider. For more help with changing nameservers, refer to https://developers.cloudflare.com/dns/zone-setups/full-setup/setup/.
Create a DNS record _acme-challenge.***.com TXT ***
Create a DNS record _acme-challenge.***.com TXT ***
You should also ensure that traffic to this hostname resolves to Cloudflare’s edge and that no Cloudflare firewall rules or page rules modify requests to the HTTP .txt file’s URL. For more help, visit https://developers.cloudflare.com/ssl/edge-certificates/changing-dcv-method/troubleshooting/.
If you want to change the current DCV method, follow the steps listed here: https://developers.cloudflare.com/ssl/edge-certificates/changing-dcv-method/
For any additional questions, visit our [Support portal](https://dash.cloudflare.com/?to=/:account/support).
Thanks,
The Cloudflare Team

So… what should I do?
thx

Yea… I wouldn’t recommend enabling those Universal SSL Alerts or the CF for SaaS Alerts unless you like to be spammed. If you want helpful emails, enable Certificate Transparency Monitoring under SSL/TLS → Edge Certificates and you will get emailed for any new certs on your domains.
As far as I know (and based on my personal experience) it’s totally normal for it to fail a bunch of times as long as it eventually succeeds. It retries automatically. I am not aware of the exact cause, but I imagine it to be either conflicting with other certificate issuance or just simple propagation needing a second. Ignore the part where it tells you to create it manually.

If under Edge Certificates your certificate is active (which it sounds like it is) and your website can be accessed without any issues, you should be set. The last dcv email you should have received should have been a success “Certificate issuance has succeeded for the certificate with the…” as well.

If under Edge Certs the certificate has errored out, or you cannot access your website over https, then that is something that needs to be looked into further. If that is the case, please share your domain name as well.

thx, that dcv failed spam scared me
i guess only one google ca is also fine (no backup ca)
(site use google ca looking fine)
thanks for answering~

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.