Ssl universal certificate awaiting validation

after 1 week ssl is still in awaiting validation

i have disabled and re enabled, but still pending

i have other 10 domains and ssl was enabled after 2-3 minutes.

what can i do to fix ?

1 Like

Welcome to the community!

I would suggest three things:

  1. Disable and re-enable Universal SSL after about 15 minutes.
  2. Check if you have phantom _acme-challenge DNS TXT records. You could use the dig command or an online tool.
  3. If you don’t mind, you can try changing the certificate authority. Check out this guide. You should take a look to point 2. What can I do now to minimize the impact of this change?. Remember to change PREFERRED_CA to either digicert, lets_encrypt or google.

Hope it helps!

thanks for your reply but

  1. I have already done this for 2 times
  2. txt record already exist
  3. i’m not expert and I don’t know where all those codes go

Ok. Then you probably have this issue:

There is a quick solution for now. You’ll need:

  1. A terminal.
  2. Curl. You’ll probably already had this installed.


  1. Obtain your Global API key from here.
  2. Obtain your domain Zone ID. You can obtain it in the bottom-right part of the domain overview page. The domain should obviously be the one in which you’ve had the issue.
  3. Type in the terminal:
curl -sX PATCH "[DOMAIN_ZONE_ID_HERE]/ssl/universal/settings" -H "X-Auth-Email: [CLOUDFLARE_EMAIL_HERE]" -H "X-Auth-Key: [GLOBAL_API_KEY_HERE]" -H "Content-Type: application/json" --data '{"certificate_authority":"digicert"}'

WARNING: This script may stop working on September 15, 2022.

Remember to remove the content between [] brackets (including them) and replace it with the content that they specify.

You may need to disable and re-enable Universal SSL when you’ve done this. If you have any more questions, don’t hestiate to reply to this post. Hope it helps!

@larinascita2021 First of all, for security reasons, please remove now your Global API key from there and change it through the dashboard. It’s like a global password for your account.

What’s your operating system?

Also, remove the [] from the command. They were only intended for indicating which sections you need to change.

windows 10

Then press Win + R, and type cmd. After that, click enter.

got this

{“success”:false,“errors”:[{“code”:6007,“message”:“Malformed JSON in request body”}],“messages”:,“result”:null}

Ok. Open notepad and create a file called data.json in your desktop:

    "enabled": true,
    "certificate_authority": "digicert"

After that, open command prompt (cmd), type cd Desktop and run:

curl -sX PATCH "[DOMAIN_ZONE_ID_HERE]/ssl/universal/settings" -H "X-Auth-Email: [CLOUDFLARE_EMAIL_HERE]" -H "X-Auth-Key: [GLOBAL_API_KEY_HERE]" -H "Content-Type: application/json" --data @data.json

Remember to replace the required values and remove the square [] brackets from the command, else it won’t work.

Hope it works…

{“success”:false,“errors”:[{“code”:1401,“message”:“Invalid request parameter(s)”}],“messages”:,“result”:null}

Ok. Download Git for Windows, install it with the default parameters, open Git bash, run cd /c/Users/YOUR_USERNAME_HERE/Desktop and then type the last curl command.

Hope it helps!

i get this
{“success”:false,“errors”:[{“code”:1401,“message”:“Invalid request parameter(s)”}],“messages”:,“result”:null}

i think there is no solution

Don’t know, maybe a @MVP can help you with this issue…

i cant find to submit a support ticket

You can submit one at Please post your ticket number here, so that we can escalate it. Thanks.

there is no option tu submit ticket, only automated guide

Sorry for my late response. Please send an email to support[AT]cloudflare(DOT)com from your account’s email address. You’ll probably receive an automated response. Just reply to it saying that this issue needs to be solved by support.

After that, post your ticket here, so that we can escalate it.

@larinascita2021 I think I’ve figured out the mistake with my command. Try this on Windows’ Command prompt (cmd):

curl -sX PATCH "[DOMAIN_ZONE_ID_HERE]/ssl/universal/settings" -H "X-Auth-Email: [CLOUDFLARE_EMAIL_HERE]" -H "X-Auth-Key: [GLOBAL_API_KEY_HERE]" -H "Content-Type: application/json" --data "{\"certificate_authority\":\"digicert\"}"

Obviously replace the necessary values and remove square brackets [].


Have you solved your issue?