SSL certificate is still pending

Answer these questions to help the Community help you with Security questions.

What is the domain name?
Aaiwholesale.com

Have you searched for an answer?
Yes

Please share your search results url:
None error on cloudflare

When you tested your domain, what were the results?
Everyday

Describe the issue you are having:
Hostgator server said no issue on their side; Cloudflare SSL HTTPS still pending after 72hrs.

What error message or number are you receiving?
www.aaiwholesale.com’s DNS address could not be found. Diagnosing the problem.

What steps have you taken to resolve the issue?

  1. Activated everything on Cloudflare

Was the site working with SSL prior to adding it to Cloudflare?
No

What are the steps to reproduce the error:

Have you tried from another browser and/or incognito mode?
Yes

Please attach a screenshot of the error:

Welcome to the Cloudflare Community!

https://dnsviz.net/d/aaiwholesale.com/dnssec/

; EDE: 9 (DNSKEY Missing): (no SEP matching the DS found for aaiwholesale.com.)

Your DNSSEC Configuration is broken.

It looks like you have DNSSEC setup incorrectly, maybe you tried to set it up for Cloudflare?

You’ll want to either outright disable DNSSEC, or enable DNSSEC with Cloudflare and update your DNSSEC configuration with the information Cloudflare gives you:

These changes to your DNSSEC Configuration can be done at your Registrar, Launchpad.com (which seems to just be hostgator).

Once you get DNSSEC fixed Cloudflare should eventually retry and succeed issuing the ssl cert. You could also disable Universal SSL under SSL → Edge Certifications, wait a few minutes, re-enable to try to speed it up, otherwise Cloudflare backs off longer with each failure so it may take a bit for it to retry again.

Interesting that hostgator didn’t spot that…


Hello,

Disabled DNSSEC, disabled SSL certificate and activated it again, still pending. Hostgator no help, they keep saying SSL not active yet. Went to Hostgator and added CNAME for the 2 Cloudflare DNS.

Updating DNSSEC and such can take time, I believe it’s usually said up to 24-48 hours, although it usually takes way less time. I still see DNSSEC as being enabled in the whois and dns

DNSSEC: signedDelegation

Adding records at hostgator won’t matter since you’re not using their DNS. The only thing they can help you with, as a registrar, is dnssec and the nameservers you set. Your nameservers are set fine, you could ask them to verify DNSSEC is disabled.

Thank you will let you know tomorrow.

Still SSL txt pending. Hostgator only think is site is http installed.

Your DNSSEC is still broken. Until fixed, no DNS queries involved in certificate generation will resolve so you must fix that first.
https://cf.sjr.org.uk/tools/check?4c6e4e397b864a59944b957f5de2b225

It looks like you have several DS records at your registrar. Delete any old ones and just use the DS record given to you by Cloudflare here…
https://dash.cloudflare.com/?to=/:account/:zone/dns/settings

(or just turn off DNSSEC at your registrar and Cloudflare).

While checking on the domain I noticed that it is pointing to Cloudflare and the DNSSEC record is still enabled:
DNSSEC: signedDelegation
DNSSEC DS Data: 23738 13 2 8C4DC56392F2F12DD54BEEF2EBA57CBDA9FE7A9600929C17F0F8183A8B66BB8F
DNSSEC DS Data: 23738 13 4 84CC002457126B12A6FDB5B2D623CDFB445F443ECC3FC17DC472F6E8411D650E3546DFB209E588CF71DA403234E3B1DC
DNSSEC DS Data: 23738 13 1 64F0B427BCF6D50DD0D70743C41D5EB0CA5DCBBB

It is suggested to contact Cloudflare and disable the DNSSEC record to fix the issue with the website. Once it is resolved SSL will also work.

From hostgator DNSSEC been disabled. Cloudflare been disabled.

This DNSSEC material, as you quote above, is coming from your domain registrar.

As mentioned previously in the thread, your registrar is the only party who can add/update/delete this.

I understand that you want us to disable the DNSSEC record for aaiwholesale from Hostgator end. I see that DNSSEC is not enabled on Hostgator end which could be confirmed from Hostgator Account Manager >> Domains >> Manage >> Advanced Tools option. It appears that this domain has the DNSSEC enabled by Cloudflare end.

DNSSEC not Active on hostgator or cloudflare.

  1. Try sending them something like:

And, if that doesn’t make them help you any further, … the other option is:

  2. Get your auth code, and transfer your domain to a more competent registrar that knows what they are doing.

Thank you, will send them this info. Yes only server that needed to start multi chats and emails one of the worst servers. Next year moving to rocket has cloudflare built in.

The DNSSEC for the domain ‘aaiwholesale.com’ is not enabled on HostGator. As mentioned in the previous response, it appears that this domain has the DNSSEC enabled by Cloudflare end, please contact Cloudflare to disable it on their end.

Cloudflare is not your registrar. It looks like Launchpad is. Only your registrar can remove DNSSEC, as it has to be done upstream of Cloudflare.

Well…darn, a visit to Launchpad sends me to HostGator. You need to push harder. DarkDeviL’s suggestion is spot on. And no amount of pushing back here in the Community is going to change the fact that Cloudflare can not control registry settings for your domain. Just imagine how devastating that would be if any DNS provider could alter your domain’s DS records. That’d be on the level of Cloudflare being able to change name servers for any existing domain, regardless of which Registrar owned it.

I’m hoping that after you’ve gotten the same response from 3.5 MVPs (sjr is an honorary member) here that you’ll take the fight to HostGator.