SSL Certificate Update emails

I am hoping you can shed some light on what I need to do here. Cloudflare has been sending emails to us every month for the past 3 months. They send several out all with the subject “SSL Certificate Update” on the same day, one right after the other. What do I need to do to get this to stop?

The first email(s) say the same thing (they have been increasing the number of these first emails, sending multiple emails on the same day with the same message):

The Domain Control Validation (DCV) has failed for the certificate with the ID 40b6c8b3-424b-4332-ae1f-4a08e27098db belonging to Zone ID c4d489a01b07e2c277167f1694a11e65. The DCV method is currently set to txt.

Since the DCV method is set to TXT, please be sure to update your zone’s nameservers at the registrar to the nameservers assigned to your zone in the Cloudflare Dashboard, or manually add a DNS TXT record to your authoritative DNS provider. For more help with changing nameservers, refer to Change your nameservers (Full setup) · Cloudflare DNS docs

Create a DNS record _acme-challenge.toysgoround.org TXT VclTA36Y5SfFVUK3xQbDoUjbHNC3QDjnpne6WZDJz1M

Create a DNS record _acme-challenge.toysgoround.org TXT 2PWCe2PoCgdjQ8irq1CCzg7XHAv4zRatq_Sxqa4mYIU

You should also ensure that traffic to this hostname resolves to Cloudflare’s edge and that no Cloudflare firewall rules or page rules modify requests to the HTTP .txt file’s URL. For more help, visit Troubleshooting Domain Control Validation · Cloudflare SSL/TLS docs

If you want to change the current DCV method, follow the steps listed here: Domain control validation (DCV) · Cloudflare SSL/TLS docs

For any additional questions, visit our Support portal.

Sometimes we get another email that says:

Hello,

Certificate issuance has succeeded for the certificate with the ID 40b6c8b3-424b-4332-ae1f-4a08e27098db belonging to Zone ID c4d489a01b07e2c277167f1694a11e65. The certificate’s status is now pending_deployment.

Thanks,
The Cloudflare Team

And another one says:

Hello,

The certificate with the ID 40b6c8b3-424b-4332-ae1f-4a08e27098db belonging to Zone ID c4d489a01b07e2c277167f1694a11e65 has been deployed to Cloudflare's edge. The certificate’s status is now active.

Thanks,
The Cloudflare Team

In the dashboard, under your account → Notifications (https://dash.cloudflare.com/?to=/:account/notifications), you have most likely created a Universal SSL Alert Rule. SSL for SaaS Custom Hostname Alerts and Adv. Certificate Alerts can generate the same kind of emails as well.

You can just turn that rule off/delete it to stop these. My experience is its normal a few might fail, but they should all eventually succeed, like in your example.

In your account, within a Zone, you can navigate to SSL/TLS → Edge Certificates, scroll down and enable “Certificate Transparency Monitoring”, if you want. Certificate Transparency Monitoring emails you only when a new cert is issued, and it can be by anyone, not just Cloudflare. You’d get just one email per certificate, which is usually more desirable if you still want some alerts.

1 Like

Thanks for your quick response! So I clicked to disable the SSL Alert - Universal Alert to disable it. Was that correct?

I also clicked on Certificate Transparency Monitoring to enable that. Is that all I need to do?

If the enabled slider is off, yep. You can just delete it entirely as well, not much point in keeping it around if you won’t ever enable it again.

To get starting CT Emails? Yup, iirc they’re just sent to all account superadmins, unless you are on Biz/Ent, in that case you can specifically configure who gets emailed

Thank you!

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.