Universal SSL Pending Validation

I set up Cloudflare a few months ago, all was OK.
I paused Cloudflare as I was in development, and now when I activate it again there is an SSL error.
To my surprise, I realised there is NO active SSL anymore (I was using Universal SSL).

I deactivated Universal SSL and reactivated it. I waited for more than 24h but it was still in “pending validation”. I followed the guides (deactivate SSL, wait 5 min, activate again, wait 15 min) but no luck.

It is still pending.

I also checked DNSSEC but there is no error.

Do you have a valid certificate on the origin server?

Yes, my hosting server uses a Let's Encrypt certificate (https://www.lesielle.com)
Indeed, when I first set up Cloudflare it was working correctly. It is now, after a time with Cloudflare paused, that I wanted to reactivate it, and Universal SSL does not work anymore.

Still pending after more than 48h. Does anyone else have this problem or know a way to solve it?

Hi @user6429

It looks like you have an NS record configured on _acme-challenge.lesielle.com which is conflicting with Universal SSL and causing the verification to fail:

lesielle.com.		172800	IN	NS	jean.ns.cloudflare.com.
lesielle.com.		172800	IN	NS	aragorn.ns.cloudflare.com.
;; Received 376 bytes from 192.31.80.30#53(d.gtld-servers.net) in 29 ms

_acme-challenge.lesielle.com. 300 IN	NS	lesielle.com.
;; Received 87 bytes from 173.245.58.121#53(jean.ns.cloudflare.com) in 36 ms

_acme-challenge.lesielle.com. 86400 IN	TXT	"-ccKY5LKlwKwVAVGmTiOLIK0aQRD6-pkdjosUn-vebA"

Hi @erisa-cf, my hosting tells me that the NS is there to automatically renew the Let's Encrypt certificate from my server, so I cannot delete it. What should I do then?

Hi @user6429 what provider are you using that requires this configuration? Unfortunately the way they set that up conflicts with Cloudflare’s own certificate resolution.

I recommend reading this response to another similar topic regarding GreenGeeks:

Hi @erisa-cf, I have removed it from my hosting and installed a standard annual SSL there. Could you please check if it is now solved and there is no conflict?

Can anyone help me?
After removing the DNS TXT as @erisa-cf told me, it should be solved, so I have no idea what I can do now…

Thanks

Finally I solved it myself. For anyone in my situation: in addition to deleting the “acme” DNS records in my hosting, it is necessary to do it in the Cloudflare DNS section too.

This is because once you have changed the DNS at your registrar to Cloudflare, the world will use those servers. The records in your previous DNS, such as your hosting in this scenario, are no longer consulted.
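An offline check for the situation this thread ends on, added here as an example and not part of any post above: it scans records in dig/BIND presentation format (for instance a zone export or saved `dig` output) and reports NS and TXT records sitting at `_acme-challenge` names. The zone `example.com`, the sample records and the function names are constructed for illustration.

```python
import re

# Constructed sample in dig/BIND presentation format, modelled on the record
# types quoted in the thread. example.com and the token are placeholders.
SAMPLE = """\
example.com.  172800  IN  NS  jean.ns.cloudflare.com.
;; Received 376 bytes from 192.0.2.30#53(d.gtld-servers.net) in 29 ms
_acme-challenge.example.com. 300 IN NS example.com.
_acme-challenge.example.com. 86400 IN TXT "constructed-token-value"
www.example.com. 300 IN A 192.0.2.10
"""

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")


def parse_records(text):
    """Return (name, ttl, type, rdata) tuples, skipping comments and blanks."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RECORD.match(line)
        if m:
            name, ttl, rtype, rdata = m.groups()
            records.append((name.lower().rstrip("."), int(ttl),
                            rtype.upper(), rdata.strip()))
    return records


def find_acme_conflicts(text, zone):
    """List NS/TXT records at _acme-challenge names inside the given zone."""
    zone = zone.lower().rstrip(".")
    findings = []
    for name, _ttl, rtype, rdata in parse_records(text):
        in_zone = name == zone or name.endswith("." + zone)
        if not in_zone or name.split(".")[0] != "_acme-challenge":
            continue
        if rtype == "NS":
            findings.append((name, rtype, "delegates validation lookups to " + rdata))
        elif rtype == "TXT":
            findings.append((name, rtype, "leftover challenge token, review and remove"))
    return findings


if __name__ == "__main__":
    for name, rtype, note in find_acme_conflicts(SAMPLE, "example.com"):
        print(f"{name} {rtype}: {note}")
```

Run it against the records served by the nameservers the registrar currently points to, since, as the last reply notes, records left at the previous DNS host are no longer consulted.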
