Since yesterday I updated the NS record in AWS Router53 to point to the two Cloudflare NS servers but the Cloudflare user interface still shows “Pending Nameserver Update” after so much time.
The domain does not have SSL yet because SSL will be setup after Cloudflare DNS will be OK - Letsencrypt uses cloudflare DNS to validate the domain but the domain DNS needs to be correct otherwise Letsencrypt DNS validation is not working.
NS queries for your domain to the me. root nameservers suggest that your registrar somehow updated the parent zone, but still has AWS DNS in your whois record. That is most unusual. You may want to ask your registrar about that.
There is no need to post AWS screenshots as nothing in them is relevant to your situation. You cannot use AWS DNS and Cloudflare on the same zone at the same time. You need to contact Gandi and ask them why you still have AWS nameservers in your whois.
% whois vtrasca.me
Domain Name: vtrasca.me
Registry Domain ID: 62a1e2f8d85343d2a65bb25e372546e9-DONUTS
Registrar WHOIS Server: whois.gandi.net
Registrar URL: https://www.gandi.net
Updated Date: 2023-08-20T02:00:18Z
Creation Date: 2020-09-23T13:34:49Z
Registry Expiry Date: 2024-09-23T13:34:49Z
Registrar: Gandi SAS
Name Server: ns-1611.awsdns-09.co.uk
Name Server: ns-316.awsdns-39.com
Name Server: ns-1372.awsdns-43.org
Name Server: ns-986.awsdns-59.net
Nowhere in any Cloudflare documentation is there any instruction suggesting that you update NS records in your zone. The directions very clearly state that you must change the nameservers at your domain registrar.
Again there is no instruction to create NS records in your zone. It is a pointless action that will produce no desired effect
The registrar is indeed AWS Route53, this is why I sent screenshots from AWS. I never had anything to do with gandi, I never bought anything from them.
After I read your last answer I went again in the AWS Route53 user interface and looked more carefully. I noticed that there are two menu entries closely related there is the Zones menu item and Domains menu item and their screens look identically they both have NS records and they both look the same - You were right previously I did modify the NS records from the Zone just because I’m doing this activity once every 2 years and the user interface looks the same in both places.
I now rolled back the zone NS changes and updated the NS records from the domain this time.
Hopefully this was the issue and it will not take 24h for the NS changes to propagate.