I have domains associated with a repo in Pages but 1 of them hasn't resolved.
All the domains aside from aiopie.com and www.aiopie.com resolve. Aiopie.com returns an ssl cypher overlap error and when I try to use the universal certificate it gets stuck in the validation phase.
6 Replies
for
aiopie.com
DNSSEC is enabled/configured at your Registrar, register.com, with an invalid configuration, it's specifying 3 different digest algs and the wrong keytag, etc.
; EDE: 9 (DNSKEY Missing): (no SEP matching the DS found for aiopie.com.)
https://dnsviz.net/d/aiopie.com/dnssec/
You’ll want to either outright disable DNSSEC, or update your DNSSEC configuration with the information Cloudflare gives you:
https://developers.cloudflare.com/dns/additional-options/dnssec/
These changes to your DNSSEC Configuration can be done at your Registrar, register.com.I can't... When I point the nameservers to Cloudflare, all DNS settings are blocked off. If I were to disable DNSSEC I would have to have it pointed to the default web.com nameservers... unless I am missing something...
You're correct in the sense that most DNS settings at your Registrar do not matter when you are using an external nameservers.
DNSSEC is very much something your registrar has full and sole control over though. They push your dnssec config to the tld (i.e com's nameservers).
So I have to get in touch with web.com then
Either to update the dnssec config or just disable it outright
once that's fixed, you could disable universal cert, wait ~5-10 minutes and re-enable to try to speed up the issuing, and readd the Custom Domain. Not sure how long it's been, but SSL Issuance has a backoff period where it'll eventually slow and give up on issuing
ok thanks for your help