SSL certificate & cloudflare

Website URL

daniel-j-radcliffe.pp.ua

Error Message

SSL certificate error: The provider encountered an error verifying the DNS settings of your domain name. Please double check your nameserver settings and try again later.

Error detail: Incorrect TXT record "hUv9Nc1tCYyVsFliuk8Hi-dqGT-hDG4P6EdlkdbG-_k" (and 1 more) found at _acme-challenge.daniel-j-radcliffe.pp.ua

Other Information

While trying to set up a new SSL certificate for my site, I’m getting the above error.

Not sure exactly what is causing this. I do use cloudflare, and my Cname records in cloudflare match those on my infinity free account. The only way I got it to work before was by temprarily bypassing the proxy on the Cname record, but even thats not working this time.

anyone with any experience of this?

thanks

Is this correct?

If yes, just wait

4 Likes

yes that’s the correct one.

The strage bit to me is the: "Incorrect TXT record “hUv9Nc1tCYyVsFliuk8Hi-dqGT-hDG4P6EdlkdbG-_k” "

I’ll give it 72 hours to make sure everythings propergated and try again.

thanks

1 Like

Side note probably unrelated to your issue, but you can remove all the records that include BODIS, that’s a parking page and you don’t need them.

5 Likes

Ah brill. I did wonder, but they were automatically set up by Cloudflare and I didn’t want to break anything.

I’ve decided to re-run the cloudflare setup, because I think I’ve broken something, since I’ve been changing a lot of settings recently. Its quick and easy to sort :slight_smile:

A CNAME record lookup will show our record, but if you do a TXT record lookup on the _acme-challenge subdomain instead, you don’t see it.

Instead, you’ll see several TXT records published there, served directly from Cloudflare’s nameservers.

That’s because Cloudflare needs to set these records to be able to obtain their SSL certificates to protect your website. But this can result in them overriding your own records. As far as I can tell, there is not a lot you can do about this except wait for Cloudflare to finish the SSL setup on their end and remove their records.

In the mean time, you can use Cloudflare with “Full” SSL mode instead, and just use a self-signed certificate on your hosting account. It’s not as secure as “Full (strict)” mode, but it’s secure enough for most websites.

6 Likes

That makes sense. Thanks for that :slight_smile:

So just bad timing that I was trying to do it at the same time as cloudflare lol

As a side note, if you still want to go the manual way, you don’t want to “temporarily” disable proxy on that CNAME record. You want to keep it disabled, otherwise it won’t work properly.

5 Likes

Thanks for the info. Will do

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.