SSL _acme-challenge records present in DNS but still Pending Validation (TXT)

That’s all right, because Origin certificates are only trusted by Cloudflare.

Is the domain generally active on Cloudflare? Can you post a screenshot of the Overview screen?

Yup, the site is working fine in CF…without enc, so yes, maybe there’s some issue in CF and the edge cert creation

Next steps should be

  • Change the encryption mode to Full Strict
  • Disable Universal SSL
  • Change the encryption mode to Full Strict (done)
  • Disable Universal SSL (you mean Enable right?)

I mean disable 🙂

Once it’s disabled, post a full page screenshot of https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates

Done

All right, no certificates listed. Wait at least half an hour and then enable Universal SSL again. Should it still not issue the certificate, then I am afraid the community cannot help any more and you will have to open a ticket at https://dash.cloudflare.com/?to=/:account/support as only support can fix this on their side.

Your domain is active, DNSSEC is not an issue, and you have no DNS entries which may prevent the validation.

But nonetheless, please do fix all your other sites as well, as you force them on HTTP right now and send all traffic unencrypted over the network.

Thanks @sandro! I know that, but believe me, it is not in my hands where my clients put their sites.

Thanks a lot!

That is true, but the encryption mode is 🙂. If your client refuses to secure their site, then that’s okay, but then the encryption mode should be Off.

Flexible is a legacy mode which typically breaks sites.

Done! It was definitely an issue between CF and the DNS propagation (because we changed records in the zone, and then completely changed the DNS of the domain to have CF).
