I have installed Let’s Encrypt on my server and under Cloudflare’s SSL/TLS settings, I was using the Full (strict) setting. I have also added a DNS record of NS _acme-challenge so I will not have to manually update the site’s acme-challenge on Cloudflare. Everything was working fine, but around half a month ago the site was not accessible via any browser, and I was getting an SSL-related error.
After I checked the server (everything was working well), I saw on Cloudflare that the Universal SSL was pending. I disabled and re-enabled Universal SSL, but after 5 days now it still says “Cloudflare will validate the certificate on your behalf. No action is required.”
It seems to be stuck for some reason; I cannot figure out why.
I was using LE’s SSL cert on the origin host and I am using the setting I described in my last reply so that the acme-challenge can be updated correctly every 90 days, when the SSL needs to be updated.
I have tried to download cURL for Windows and run it through cmd, but I might be doing something wrong. Must DigiCert also be enabled on the origin server? Currently Let’s Encrypt is a cron job handled from the server itself.
I don’t know what this is exactly. I can see that it is not enabled on the SSL tab.
No special CNAME setups. Just the usual www. and nothing more.
I have paused Cloudflare for this domain and re-enabled it to test if this was creating a problem with issuing the SSL. After that, I just unproxied the DNS records because the site was not accessible. It was popping an SSL error and the site was offline.
I have created a support ticket from my Cloudflare account and the ticket ID is 2511098.