Issue with Total TLS Certificate Renewal for Wildcard Subdomains
Hello,
I'm using Total TLS to generate SSL certificates for subdomains. When adding a new proxied wildcard subdomain (e.g., *.sub.example.com), I'm prompted to add a TXT DNS record for validation, which I do successfully.
However, after three months, without removing or modifying the DNS validation record, the certificate status changes to "Pending Validation (TXT)", preventing automatic renewal. The only way to resolve this is by manually updating the TXT record with a new validation value.
Is there a way to make the DNS validation persistent so that renewal happens automatically without requiring manual intervention every time?
Thank you in advance
Are you on a Full or Partial setup?
Partial setup
The main domain is on Cloudflare, but the subdomain that I'm trying to get a certificate for delegates its DNS to Route 53
So is on Cloudflare, is on Route 53 and you want to create an advanced cert for ?
Yes, the certificate is created, but not automatically renewed, because DNS validation failed during the renewal attempt
Is this the only certificate you need, or do you also need certificates for other services that can't be satisfied with an Origin cert?
I need multiple certificates. For clarity: example.com is on Cloudflare, and a.example.com is on AWS (Route 53).
I need certificates for:
- *.a.example.com
- *.b.a.example.com
- *.c.a.example.com
- *.d.a.example.com
- etc.
I understand that part. I mean, do you only need certs for Cloudflare, or also for other services? You can set up automated renewal for Cloudflare, but that would mean other services can no longer get certs.
https://developers.cloudflare.com/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv/
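The difference between the static TXT record that goes stale at renewal and the CNAME-based delegated DCV the last reply links to, as an added example that is not part of this thread or of Cloudflare's own tooling. The zone records are constructed, the UUID is a placeholder, and the `<hostname>.<uuid>.dcv.cloudflare.com` target shape is an assumption about the delegated DCV format.

```python
import re

# Constructed zone snapshot for a.example.com, the Route 53 side of the thread.
# These records are hypothetical and not taken from anyone's real zone.
ZONE = [
    # Static TXT from the first issuance: the token changes at renewal, so this goes stale.
    ("_acme-challenge.a.example.com", "TXT", "first-issuance-token"),
    # Delegated DCV: CNAME to Cloudflare's DCV target (UUID is a placeholder).
    ("_acme-challenge.b.a.example.com", "CNAME",
     "b.a.example.com.00000000-0000-0000-0000-000000000000.dcv.cloudflare.com"),
    ("_acme-challenge.c.a.example.com", "TXT", "another-static-token"),
]

# Assumed target shape: <hostname>.<uuid>.dcv.cloudflare.com
DCV_TARGET = re.compile(
    r"^(?P<host>[a-z0-9.-]+)\.(?P<uuid>[0-9a-f-]{36})\.dcv\.cloudflare\.com\.?$", re.I)


def dcv_label(hostname):
    """Owner name that validation looks at for a (wildcard) hostname."""
    base = hostname[2:] if hostname.startswith("*.") else hostname
    return f"_acme-challenge.{base}".lower()


def classify(hostname, zone=ZONE):
    """Predict how renewal behaves for hostname given the zone contents."""
    label = dcv_label(hostname)
    base = label[len("_acme-challenge."):]
    records = [(t.upper(), r) for n, t, r in zone if n.lower().rstrip(".") == label]
    if not records:
        return "missing"           # no validation record at all
    if any(t == "CNAME" for t, _ in records):
        if len(records) > 1:
            return "conflict"      # a CNAME must be the only record at its name
        m = DCV_TARGET.match(records[0][1])
        if m and m.group("host").lower() == base:
            return "delegated"     # token is served by Cloudflare at each renewal
        return "bad-cname"         # CNAME points somewhere other than the DCV target
    return "static-txt"            # expect "Pending Validation (TXT)" at renewal


def audit(hostnames, zone=ZONE):
    """Map each hostname to its renewal state."""
    return {h: classify(h, zone) for h in hostnames}


if __name__ == "__main__":
    for host, state in audit(["*.a.example.com", "*.b.a.example.com",
                              "*.c.a.example.com", "*.d.a.example.com"]).items():
        print(f"{host:22} {state}")
```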