I have set up several sites with Cloudflare with no problems.

So I decided to switch over my largest site to use Cloudflare. For security reasons, the site is completely SSL-only.

But after 2+ hours of waiting for the Universal SSL to kick in from Cloudflare I gave up (I had hundreds of angry people yelling at me while the site was down, waiting for Cloudflare SSL).

So…I “Paused” Cloudflare, but it still had the same SSL error after a half hour. So in the end, I had to switch the DNS back to what it was originally, away from Cloudflare.

I was HOPING that the Universal SSL for the website would still kick in, despite having changed the nameservers, and that when the Cloudflare SSL finally finished doing its thing, I could move everything back to Cloudflare.
BUT, 24 hours after creating the account, it’s still stuck in
“Universal SSL Status Certificate Pending Validation”

…it dawns on me, not knowing the technical details going on in the background, that maybe the SSL can’t be validated if the nameservers have been changed back…maybe?

If so, how do people typically make this change, if their site is SSL-only, and they can’t afford 24+ hours of downtime on a very active website? Is there some other better way to do this?

Or am I just stuck in “Pending Validation” limbo and there’s a problem somewhere on Cloudflare’s end?

Hi @jkosmin,

Sorry about the issue. What I generally recommend is setting all DNS records to :grey:, then changing the nameservers to Cloudflare. This should work as it did before as Cloudflare is disabled. Then, wait for the cert to go ‘Active’ before switching those clouds that you want proxied to :orange:.

The nameservers do have to point to Cloudflare for the certificate to be issued, I believe.

Also, link for reference: Community Tip - Best Practices For Certificate Provisioning

Thank you for the response!

So, I made a lot of people angry yesterday, so I’m a little nervous about changing things back today… ; ) Can I clarify some things?

If I change all the DNS on Cloudflare’s end to gray-cloud, then the site should still work if the Universal SSL is not set up yet? Even when the original site requires/enforces SSL?

My one concern about this, was when I “Paused” Cloudflare the other day, with the Universal SSL validation pending, the site still would not load after waiting a half hour…does it take a while for the “Pause” to take effect, or why was the site still broken at that point?

No problem!

I completely understand and sorry for the issues!

It should do - it is the way I normally do it with no downtime. With them set to :grey:, you are only using Cloudflare’s DNS, none of their other services including SSL so whatever you have configured on the server should continue to work as it did before.

I suspect this was due to cached values that it didn’t start working again…

Great, thank you!! I’ll give it another try.

No problem - please let us know if it goes well or if you need any further help! :slightly_smiling_face:
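
The sequence recommended in this thread (records grey, nameservers at Cloudflare, wait for the certificate to go Active, then orange) can be written as a pre-switch check. This is an added example, not code from the thread or from Cloudflare; the field names and status strings are assumptions modelled on Cloudflare's API JSON, and every hostname and record below is constructed.

```python
# Added example: gate for the grey-to-orange switch described in the thread.
# Field names ("type", "status", "proxied") are assumptions modelled on
# Cloudflare API v4 JSON; all sample data is constructed.

PROXIABLE = {"A", "AAAA", "CNAME"}  # record types that can be proxied

def normalise(ns):
    """Compare nameserver names case-insensitively, ignoring the root dot."""
    return ns.strip().rstrip(".").lower()

def cutover_plan(live_ns, assigned_ns, cert_packs, records, want_proxied):
    """Return (ready, reasons, to_switch).

    live_ns       nameservers currently returned for the domain (e.g. `dig NS`)
    assigned_ns   nameservers Cloudflare assigned to the zone
    cert_packs    list of {"type", "status"} dicts
    records       list of {"name", "type", "proxied"} dicts
    want_proxied  set of record names that should end up orange
    """
    reasons = []
    live = {normalise(n) for n in live_ns}
    assigned = {normalise(n) for n in assigned_ns}
    # The thread's failure mode: nameservers switched back, cert stays pending.
    if not live or not live <= assigned:
        reasons.append("nameservers not at Cloudflare: %s" % sorted(live - assigned))
    universal = [p for p in cert_packs if p.get("type") == "universal"]
    if not any(p.get("status") == "active" for p in universal):
        seen = sorted({p.get("status", "unknown") for p in universal}) or ["none"]
        reasons.append("universal certificate not active: %s" % seen)
    ready = not reasons
    to_switch = [r["name"] for r in records
                 if r["name"] in want_proxied and not r["proxied"]
                 and r["type"] in PROXIABLE]
    # While anything is unmet, keep every record grey so the origin's own
    # certificate keeps serving the SSL-only site.
    return ready, reasons, (to_switch if ready else [])

# Constructed sample zone state.
ASSIGNED = ["ada.ns.example-cf.test", "bob.ns.example-cf.test"]
RECORDS = [
    {"name": "example.test", "type": "A", "proxied": False},
    {"name": "www.example.test", "type": "CNAME", "proxied": False},
    {"name": "mail.example.test", "type": "A", "proxied": False},
    {"name": "example.test", "type": "MX", "proxied": False},
]
WANT = {"example.test", "www.example.test"}
PENDING = [{"type": "universal", "status": "pending_validation"}]
ACTIVE = [{"type": "universal", "status": "active"}]

if __name__ == "__main__":
    print(cutover_plan(["ns1.oldhost.test."], ASSIGNED, PENDING, RECORDS, WANT))
    print(cutover_plan(ASSIGNED, ASSIGNED, ACTIVE, RECORDS, WANT))
```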

