Universal SSL certificate blocked on "Pending Validation"

Hi,

I’ve created a free account with a simple goal: add URL forwarding from a domain I own, “kromatine.com”, to a store hosted in a marketplace, https://kromatine.storenvy.com.

The forwarding from HTTP works fine (i.e. http://kromatine.comhttps://kromatine.storeenvy.com). But the HTTPS access (i.e. from https://…) does not work, there is no response.

When I check the SSL/TLS > Edge Certificates page, I see the Universal SSL certificate stuck on the “Pending Validation (TXT)” status. I’ve tried to disable and re-enable the “Universal SSL” feature, waited 24h+, but still the same behavior.

I suspect this is the cause of the problem, any idea?

Configuration:

  • DNS provider: Name dot com (with Cloudflare nameservers)
  • Web hosting: Storenvy marketplace
  • SSL mode: tried both “Flexible” and “Full” (supported by Storenvy)

(I can’t put more than 4 links in my first post :grimacing:)

I visited your website, The SSL is working fine

You mean the URL forward http*s*://www.kromatine.com? I’ve tested with online sites (e.g. https://wheregoes.com/), they can’t resolve the https address either.

www.kromatine.com redirects to https://kromatine.storenvy.com

Yes, http://www.kromatine.com, but not http*s*://www.kromatine.com, there is no issue with the SSL connection on the target site, my issue is with the Cloudflare SSL connection.

DNSSEC is broken on the entire domain. That’s probably why a bunch of stuff isn’t working. You’ll have to disable it at your domain registrar.

https://dnsviz.net/d/kromatine.com/dnssec/

1 Like

the user won’t have the time to notice that your main domain is not secure, he would be immediately redirected , I think this is not an issue

Thank you for this feedback! I was not even aware of this feature :grimacing:

I’ve removed the existing DNSSEC config at my domain registrar and submitted the one provided by Cloudflare. I’ll give it more time to propagate, and I’ll follow up here.

I really appreciate the quick help, thanks again!

1 Like

the user won’t have the time to notice that your main domain is not secure, he would be immediately redirected , I think this is not an issue

No, actually the https://... address is not resolved, there is no redirection happening. And since modern browsers may automatically default the protocol to https, this is a blocker (not that this site is critical, just my wife’s hobby! :slightly_smiling_face:).

After fixing the DNSSEC config, disabling/re-enabling the Universal SSL certificate eventually worked (took ~1h), and the HTTPS connection now works fine! :partying_face:

Thank you, everyone!

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.