I’ve configured my Domain Name to Cloudflare for its Benefits, and I’ve SSL/TLS Encryption Mode is flexible currently.
and Free Universal SSL - Pending Validation (txt) is there, and when I am clicking on the Host Name, then it’s expanding the Data, and there I am getting 2 acme_challenge text + values. and based on Docs currently, I’ve disabled the Proxied DNS until the activation of the Free Universal SSL.
but I am refreshing the page constantly as due to this Pending Validation (txt) my website is down and isn’t working… and after the constant refresh, like after 10 mins or something the acme_challenge + values aren’t there, and after 5 or 10 mins to that and I refresh the page again, acme_challenge is there but the value gets changed.
can anyone from Cloudflare or an expert help me to resolve this error?
also, in addition to my above question, I’ve registered my Domain Name from Porkbun and it’s also providing me the Free SSL Certificate too from Let’s Encrypt, but there’s no value of acme_challenge in the DNS Records.
At the domain registrar for the domain dhavalvira.com, Porkbun, you have DNSSEC enabled, and as such DNS resolvers across the world expect that your domain’s DNS data also holds cryptographic DNSSEC signatures, and that they will validate according to the DS record set that has been set from the domain registrar.
However, within Cloudflare, you do not currently have DNSSEC enabled, and as such, Cloudflare is obviously not adding any cryptographic signatures to your domain’s DNS data, and therefore, there are validation errors while trying to access your domain.
You have the following options to solve your problem:
→ If you want to have your domain’s DNS data to be protected with DNSSEC, do this:
NOTE: Alone enabling DNSSEC within Cloudflare (e.g. #1) will NOT be sufficient, if the data that Porkbun holds is NOT a 100% match to what the Cloudflare page says. The details Cloudflare ask you to add will be shown when you expand the view by clicking on the "DS Record → " on the Cloudflare link above.
→ If you do not want your domain’s DNS data to be protected with DNSSEC, you can do this:
After making any of the changes to through Porkbun, please be advised that it may take between 48-96 hours to fully propagate worldwide, which neither Cloudflare, Porkbun, nor anyone else can expedite.
and, also I can generate an SSL Certificate on Linux Server using certbot, but Free Universal SSL Certificate is still in Pending Verification (txt) , how to overcome that? because currently my website is down…