Verifying Domain with CNAME

Hi!

I got an email from Cloudflare saying to add a CNAME to re-issue SSL certificates for use on their network. I have had no issues up till now; apparently what I already had set up a while ago has gotten out of date.

I have to modify these values because the support window thinks I’m including links, which I am not. There’s a dot com after my domain and digicert and dot net after Cloudflare wherever listed.

I’m attaching a screenshot of the rest of my question, as this community support interface thinks I’m including links, which it says are not allowed (even though I have nothing linked).

[Screenshot: Screen Shot 2022-06-17 at 3.00.29 PM]

When I try to validate per the link they gave, it just says technical error. Not sure what else to do.

Thank you so much!
David

Is it a “Domain Control Validation (DCV) has failed” e-mail?

If so, I get them fairly often and have never actually taken action on one; the situation always seems to resolve itself on its own.

I have Certificate Transparency Monitoring turned on, so I normally get another e-mail a few minutes later saying whatever they were attempting to do has actually succeeded.

If you don’t have this on, try turning it on.

That way, whenever they generate a certificate successfully you’ll be notified, and if there was a failure e-mail before that you can probably ignore it?

If you don’t have the notifications turned on, you’re probably just getting the failure messages and not seeing the follow-up success messages.

Why does it sometimes fail and then succeed immediately after? No idea.

Thanks. That’s not the reason why I was sent the message. It was:
"As part of the Cloudflare SSL certificate renewal process, we need you to re-approve your domain so that we can re-issue SSL certificates for use on our network. If you previously validated this domain using the HTTP DCV method, you are receiving this email because your domain no longer resolves to Cloudflare’s edge and thus we cannot automatically complete the renewal process.

Your current certificate expires on Wed Jun 29 23:59:59 +0000 2022. If you do not complete the validation by the expiration date, Cloudflare will remove this certificate from the edge."

Hmm, never saw that one before.

Oh, are you on a CNAME plan where you’re not actually using Cloudflare’s nameservers? That would explain why I’ve never seen it before (I’m poor).

Anyway, seems like they want you to set up a CNAME with name _ca3-blahblahblah.www.tommysholidaycamp.com which resolves to dcv.digicert.com.

So you tried to do that through your Dreamhost DNS panel and it didn’t work?

If you do an nslookup on the _ca3-blahblahblah.www.tommysholidaycamp.com name (I’m not going to try to transcribe the whole thing from the screenshot), does it resolve?

Can you post a screenshot from your Dreamhost DNS page where you’re trying to add the CNAME?

It looks like they did actually successfully generate a certificate for you today though:

So seems like you’re good for at least a year.
Maybe your CNAME did actually work?

Oh cool! Thanks for seeing that! It’s just when I checked at the link they sent, it said there was a technical error. But yeah, maybe it’s just all good. At least for a year. Thank you so much!!
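The lookup suggested in the thread, written out as an added example that is not part of any poster's reply: it queries the CNAME type directly and compares the answer with the `dcv.digicert.com` target quoted above, tolerating the trailing dot and case differences that resolvers return. The helper names `normalize` and `classify_dcv` are hypothetical, `dig` is assumed to be installed, and the record name is whatever your own validation e-mail lists.

```shell
#!/bin/sh
# Added example: check that a DCV CNAME record points at the expected target.
# Usage (assumes dig is installed): sh check_dcv.sh _ca3-<token>.www.example.com

EXPECTED_TARGET="dcv.digicert.com"   # target named in the thread

# Lowercase a hostname and strip one trailing dot, so that
# "DCV.DigiCert.com." and "dcv.digicert.com" compare equal.
normalize() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# classify_dcv ANSWER
# ANSWER is the output of `dig +short CNAME <name>`: empty when the record
# does not exist, otherwise one target per line.
# Prints: ok | missing | wrong-target
classify_dcv() {
    answer=$1
    if [ -z "$answer" ]; then
        echo missing
        return 0
    fi
    want=$(normalize "$EXPECTED_TARGET")
    for target in $answer; do
        if [ "$(normalize "$target")" = "$want" ]; then
            echo ok
            return 0
        fi
    done
    echo wrong-target
}

# Only touch the network when a record name is given on the command line.
if [ "$#" -eq 1 ]; then
    result=$(classify_dcv "$(dig +short CNAME "$1")")
    echo "$1: $result"
    if [ "$result" != ok ]; then
        exit 1
    fi
fi
```

A `missing` result right after adding the record can simply mean the change has not propagated to the resolver you queried yet.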
