I’m having trouble validating a Universal SSL Edge Certificate for several of my websites running through CloudFlare. The validation method is set as HTTP for each of the websites I’m having trouble with.
Although I’ve created the validation TXT for each website, CloudFlare is unable to access it as all of the sites are created in WordPress with both WWW and HTTPS re-writes in place. This results in the URL provided by CF for the Cert validation request http://example.com/… being re-directed to https://www.example.com/…, preventing CF from completing the validation.
Within CF SSL/TLS Overview I have ‘Your SSL/TLS encryption mode is Full (strict)’ enabled.
Has anyone found a way around this?
Any help with suggestions will be greatly appreciated.
Hey @luke8 ,
If you haven’t already, I’d highly recommend reaching out to our support (either through the dashboard or by sending an email to [email protected] from the email you’ve signed up with). They’ll be able to take a look at your zone config and tell you exactly why the universal certificate doesn’t get validated.
Just to give you some background on what options you have for validating your universal certificate:
1. By default the certificate will be issued by Digicert and validated by our edge serving the required token on http://yourdomain.com/.well-known/pki-validation/<cert_id>. Once you have updated your nameservers, we will serve the validation content Digicert is looking for on the above path (even if you enabled a http → https redirect).
2. If you run into issues with option 1, you can alternatively change the DCV method for your universal certificate or upgrade to the Advanced Certificate Manager which allows you to switch to Let’s Encrypt and choose the validation method in the UI.
You mentioned you are using the SSL mode Full (strict). This mode has nothing to do with your edge certificate or its validation, it only influences how the Cloudflare edge sends requests to your origin server. You can find more info on the mode here.
Hope this helps,
Could it be because of your web server security rules in .htaccess or nginx.conf / vhost file blocking any “dot” request?
Or you can try to set up the redirection or answer rule as a “200 success” with the needed “value”.
Try disabling Cloudflare before renewing the SSL certificate (switch the clouds from “orange” to “gray”) for the duration of the process.
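The two origin-side causes raised in this thread (a canonical redirect catching the validation URL, and a rule that blocks dot-paths) shown as one nginx server block with an exemption for the DCV path. This is an added example, not configuration posted by any participant; it assumes the origin itself has to answer the request over plain HTTP, and the hostnames and document root are placeholders.

```nginx
# Constructed example: example.com and /var/www/example.com are placeholders.
server {
    listen 80;
    server_name example.com www.example.com;

    # Serve HTTP DCV tokens in place, with a 200 and no redirect.
    # "^~" makes nginx skip the regex locations below once this prefix
    # matches, so the dot-path rule cannot turn the request into a 403.
    location ^~ /.well-known/pki-validation/ {
        root /var/www/example.com;   # assumed document root holding the token file
        default_type text/plain;
        try_files $uri =404;         # never fall through to WordPress rewrites
    }

    # Common hardening rule: deny anything under a dot-directory or dot-file
    # (.git, .env, .htpasswd). Without the exemption above it also blocks
    # every path under /.well-known/.
    location ~ /\. {
        deny all;
    }

    # Canonical WWW + HTTPS redirect for everything else.
    location / {
        return 301 https://www.example.com$request_uri;
    }
}
```

With this in place a plain-HTTP request for a token under /.well-known/pki-validation/ returns the file body, a request for /.git/config returns 403, and every other path returns the 301 to the canonical host.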