Universal SSL stucks in Pending after 30 hours

Answer these questions to help the Community help you with Security questions.

What is the domain name?
freeinternetforallisanormalrightforeveryoneandweshouldstandfori.store

Have you searched for an answer?
yes and did not find any clear answer!

Please share your search results url:
This
this
this
this

When you tested your domain, what were the results?
it’s been 30h now!

Describe the issue you are having:
this domain I can’t get the universal ssl for it.
does the length of domain matter to get SSL?

What error message or number are you receiving?
I didn’t get any error messages.

What steps have you taken to resolve the issue?

  1. waiting 24h
  2. disabled and enabled universal ssl
  3. searching the web and community

Was the site working with SSL prior to adding it to Cloudflare?
I don’t have site on this domain, need it for other reasons.

What are the steps to reproduce the error:

  1. I don know.

Have you tried from another browser and/or incognito mode?
yes nothing changed.
my other domains are doing well but this one that I just registered from Namecheap has this issue!
Please attach a screenshot of the error:

The Common Name (CN) of a certificate has a 64 character limit.

The apex / naked domain / root domain you’re mentioning appears to have the length of 69, which exceeds that restriction.

1 Like

So there is no way to get ssl?
I should decrease the characters?

thanks!

The restriction SHOULD be tied to the Common Name (CN) alone, and not to the subjectAltName / Subject Alternative Name (SAN) field.

Not if you’re planning to rely on the free Universal SSL.

In theory, you SHOULD be able to workaround a such limitation, by using another (sub-)domain name that is less than the 64 characters as the Common Name (CN) for your certificate.

For example, it should work just fine when having a Common Name (CN) of example.com, with the following subjectAltName / Subject Alternative Name (SAN) names in the certificate:

example.com
freeinternetforallisanormalrightforeveryoneandweshouldstandfori.store
*.freeinternetforallisanormalrightforeveryoneandweshouldstandfori.store

example.com can literally be anything, as long as it is less than the 64 character limit.

However, a such workaround cannot be made with the free Universal SSL.

On the Business plan, you do have the opportunity to upload your own certificate, which would allow for such a workaround, however, it would also give you the “burden” of having to maintain the certificate on your own and regularly upload a new one to Cloudflare, such as when it gets near to it’s expiration.

2 Likes

Thank you Dark for your complete answer!
I should purchase a new domain.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.