Unversal SSL Pending Validation

I set up Cloudflare a few months ago, all was OK.
I paused Cloudflare as I was in development, and now when I activate it again there is an SSL error.
For my surprise I realised there is NO active SSL anymore (I was using universal SSL).

I deactivate universal SSL, and reativated it. I waited for more than 24h but it was still in “pending validation”. I follow the guides (deactivate SSL, wait 5 min, activate again, wait 15 min) but no luck.

It is still pending.

I also check DNSSEC but there is no error.

Do you have a valid certificate on the origin server?

Yes, my hosting server uses lets encrypt certificate (https://www.lesielle.com)
Indeed when I first set up Cloudflare was working correctly. It is now that after a time with Cloudflare in pause, I wanted to reactivate it, and Universal SSL does not work anymore

Still pending after more than 48h. Is anyone else with this problem or knows a way to solve it?

Hi @user6429

It looks like you have an NS record configured on _acme-challenge.lesielle.com which is conflicting with UniversaL SSL and causing the verification to faiil:

lesielle.com.		172800	IN	NS	jean.ns.cloudflare.com.
lesielle.com.		172800	IN	NS	aragorn.ns.cloudflare.com.
;; Received 376 bytes from in 29 ms

_acme-challenge.lesielle.com. 300 IN	NS	lesielle.com.
;; Received 87 bytes from in 36 ms

_acme-challenge.lesielle.com. 86400 IN	TXT	"-ccKY5LKlwKwVAVGmTiOLIK0aQRD6-pkdjosUn-vebA"

hi @erisa-cf my hosting tells me that NS is to automatically renew the let encrypt certificate from my server so I can not delete it. What should I do then?

Hi @user6429 what provider are you using that requires this configuration? Unfortunately the way they set that up conflicts with Cloudflare’s own certificate resolution.

I recommend reading this response to another similar topic regarding GreenGeeks:

hi @erisa-cf , I have removed from my hosting and installed there an standard annual SSL. Could you please check if now is solved and there is no conflict?

can anyone help me?
After removing the DNS TXT as @erisa-cf told me it should be solved, so no idea what I can do now…


Finally I solved myself. For anyone in my situation, in addition to delete the DNS records of “acme” in my hosting, it is necessary to do it too in the Cloudflare DNS section.

This is because once you have changed the DNS at your registrar to Cloudflare, the world will use those servers. The records in your previous DNS, such as your hosting in this scenario, are no longer consulted.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.