We have a domain of
and right now we cannot use SSL, because we have an error “Pending Validation (TXT)”. microsoft-assistance.com
The record exists in the DNS zone, but not shown at the dash cloudflare page:
# dig -t TXT microsoft-assistance.com
; <<>> DiG 9.16.1-Ubuntu <<>> -t TXT microsoft-assistance.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18617
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;microsoft-assistance.com. IN TXT
;; ANSWER SECTION:
microsoft-assistance.com. 300 IN TXT "ca3-123b5f6df077496eaa86ccda1230c9d6"
;; Query time: 8 msec
;; SERVER: 188.8.131.52#53(184.108.40.206)
;; WHEN: Wed Mar 10 23:34:27 CET 2021
;; MSG SIZE rcvd: 102
I’d tried to add it manually, but dash panel shows that the record exists.
How can we fix the problem?
Are you trying to obtain an SSL certificate over your proxied domain via Cloudflare?
In other words, are the DNS records A or CNAME or ?
SSL provisioning can sometimes run into unexpected issues/delays. If you aren’t sure how long it should take, or what you can do to fix it, read on!
How long should it take for the certificate to be issued?
can often be issued in 10-15 minutes, but if you are using our FREE SSL feature it can sometimes take up to 24 hours. Please do not post here about delays until it has been “authorizing” for more than a day.
How do I get help?
If you have waited 24 hours, and there has been no…
Have you tried to do a step as follows here:
What usually works for me is to go to the bottom of the SSL/TLS page and Disable Universal SSL. Then wait 10 minutes, then turn it back on again and re-provision the certificate.
Your site is already set to
. Hopefully this works.
Kindly, check here and re-check the steps:
Try the suggestions in this Community Tip for best practices in certificate provisioning.
SSL certificates can often be issued in 10-15 minutes. If you are using free Universal SSL, it can take up to 24 hours. Please do not reach out for support until it has been “authorizing” for more than a day. Before contacting support, you may be able to successfully trouble shoot the issue with some of these Quick Fix Ideas.
Quick Fix Ideas
If you are using a CNAME …
You should contact your internal team at Microsoft for the process for issuing SSL certificates.
@fritex - right now it is proxied. I tried to disable the “cloud” and enable it again and this did not hepled (actually repeated the steps in this article)
@cs-cf did I understand you correctly that “microsoft” is banned word in the domain name, so that is why it is non standard procedure at Cloudflare to obtain the Universal Certificate?
Many large brands have agreements and controls with the major certificate vendors for issuance of certificates using their brand names. I don’t work for Microsoft and Cloudflare isn’t a CA but I imagine it’s highly likely that without using their documented process or presenting a LOA directly to the CA for issuance it isn’t going to happen by automated means.
If the CA refuses to issue a certificate, it’s not possible for Cloudflare to deploy it, so the request will likely stay in pending and then time out as unfilled.