I’ve configured my domain name on Cloudflare for its benefits, and my SSL/TLS encryption mode is currently Flexible.
The Free Universal SSL shows Pending Validation (txt), and when I click on the host name, it expands the data, and there I get 2 acme_challenge text + values. Based on the docs, I’ve currently disabled the proxied DNS until the Free Universal SSL is activated.
But I keep refreshing the page constantly, because due to this Pending Validation (txt) my website is down and isn’t working… After constant refreshing, after 10 mins or so, the acme_challenge + values aren’t there, and when I refresh the page again 5 or 10 mins after that, the acme_challenge is there but the value has changed.
Can anyone from Cloudflare or an expert help me to resolve this error?
Also, in addition to my above question, I’ve registered my domain name with Porkbun, and it also provides me a free SSL certificate from Let’s Encrypt, but there’s no acme_challenge value in the DNS records.
At the domain registrar for the domain dhavalvira.com, Porkbun, you have DNSSEC enabled, and as such DNS resolvers across the world expect that your domain’s DNS data also holds cryptographic DNSSEC signatures, and that they will validate according to the DS record set that has been set from the domain registrar.
However, within Cloudflare, you do not currently have DNSSEC enabled, and as such, Cloudflare is obviously not adding any cryptographic signatures to your domain’s DNS data, and therefore, there are validation errors while trying to access your domain.
You have the following options to solve your problem:
→ If you want to have your domain’s DNS data to be protected with DNSSEC, do this:
Log in to Porkbun, and then go to:
→ Porkbun - Domain Name System Security (DNSSEC) for DHAVALVIRA.COM
→ Delete all the records you see under “Current DNSSEC Configuration” on this page.
→ Add a new one (typically using “dsData”) here, which MUST be a 100% match to the details you see in your Cloudflare account.
NOTE: Enabling DNSSEC within Cloudflare alone (e.g. #1) will NOT be sufficient if the data that Porkbun holds is NOT a 100% match to what the Cloudflare page says. The details Cloudflare asks you to add will be shown when you expand the view by clicking on the "DS Record → " on the Cloudflare link above.
→ If you do not want your domain’s DNS data to be protected with DNSSEC, you can do this:
After making any of the changes through Porkbun, please be advised that it may take between 48-96 hours to fully propagate worldwide, which neither Cloudflare, Porkbun, nor anyone else can expedite.
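The "100% match" that the answer above asks for can be checked offline by deriving the DS fields from the zone's DNSKEY (RFC 4034) and comparing them with what the registrar holds. This is an added example, not part of the original post; the key, the stale entry and the domain example.com are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

def name_to_wire(name):
    """Canonical owner name: lowercase, length-prefixed labels, root terminator."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """Key tag checksum over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    ac = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def ds_from_dnskey(owner, flags, protocol, algorithm, pubkey_b64):
    """Derive the SHA-256 (digest type 2) DS fields a parent zone must publish."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return {"key_tag": key_tag(rdata), "algorithm": algorithm,
            "digest_type": 2, "digest": digest}

def ds_mismatches(registrar_ds, expected_ds):
    """Fields where the registrar's DS differs; an empty list is a full match."""
    diffs = []
    for field in ("key_tag", "algorithm", "digest_type", "digest"):
        a, b = str(registrar_ds[field]), str(expected_ds[field])
        # Ignore case and pasted whitespace; every remaining character must agree.
        if "".join(a.split()).upper() != "".join(b.split()).upper():
            diffs.append(field)
    return diffs

# Constructed sample data: a 64-byte dummy key, not a real Cloudflare key.
CONSTRUCTED_PUBKEY = base64.b64encode(bytes(range(64))).decode()
EXPECTED = ds_from_dnskey("example.com.", 257, 3, 13, CONSTRUCTED_PUBKEY)
# Constructed stale entry, standing in for a DS left over from a previous DNS host.
STALE = dict(EXPECTED, key_tag=2371, digest="AB" * 32)

if __name__ == "__main__":
    print("expected DS:", EXPECTED)
    print("stale entry differs in:", ds_mismatches(STALE, EXPECTED))
    print("fresh entry differs in:", ds_mismatches(EXPECTED, EXPECTED))
```

Any field reported by `ds_mismatches` is enough for validating resolvers to treat the zone as bogus, which is why a leftover DS at the registrar takes the whole domain down.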
Based on the steps you mentioned above, first I deleted the DNSSEC from Porkbun, then enabled DNSSEC within Cloudflare, and in Porkbun DNSSEC, I copied the dsData from Cloudflare to Porkbun.
Now when I refresh the Universal SSL page, it’s still in Pending Verification (txt), and when I click on expand, I’m unable to see any acme_challenge text + values there.
The preferred option is either Full or Full (Strict), but currently the Free Universal SSL certificate is still in Pending Verification (txt). How do I overcome that? Because currently my website is down…
Also, I can generate an SSL certificate on the Linux server using certbot, but the Free Universal SSL certificate is still in Pending Verification (txt). How do I overcome that? Because currently my website is down…
I can have the SSL certificate from Let’s Encrypt on my Linux server using certbot, but will the Pending Verification (txt) problem be resolved afterward?
Eventually it will fix it, but you have several issues here. The one mentioned by @DarkDeviL and a generally insecure server. You should first secure the server.
The issue mentioned by @DarkDeviL regarding DNSSEC, that’s clear; I’ve enabled Cloudflare and updated the same value in my registrar’s DNSSEC by deleting the old one.
So you’re saying that I should also secure my server, and then change the SSL/TLS to Full (Strict) and see?
Also, why is Universal SSL still in Pending Verification (txt)?
I’ve configured the SSL on my server for dhavalvira.com using certbot, which gives me a Let’s Encrypt SSL certificate. Now what configuration do I have to do in Cloudflare?