Certificate Pending stuck while adding custom domain

I’ve created a domain on https://www.duckdns.org.
I’ve uploaded it as a custom domain to my Web Service (FastAPI) and the verification works but it’s stuck on “Certificate Pending” for a few days now and the domain doesn’t work.
Why does it happen and what can I do?
Thanks.

Hi there,
That domain is not pointing at a Render service,

$ dig +short CNAME www.duckdns.org.
appservers-duckdns-prod-1630339571.ca-central-1.elb.amazonaws.com.

We can’t issue certificates until that is correct,

Regards,

Seems like it does.

$ dig esports.duckdns.org

; <<>> DiG 9.10.6 <<>> esports.duckdns.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9456
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;esports.duckdns.org.           IN      A

;; ANSWER SECTION:
esports.duckdns.org.    60      IN      A       216.24.57.1

;; Query time: 155 msec
;; SERVER: 100.95.0.251#53(100.95.0.251)
;; WHEN: Mon Jul 22 15:29:09 IDT 2024
;; MSG SIZE  rcvd: 64

Perhaps I’m missing something.
Care to explain please?

That’s a different domain, I was checking www.duckdns.org as that was what was in your original post.

Please use a CNAME to the onrender.com address for esports.duckdns.org and not the IP address as an A record, although that shouldn’t limit the certificate being issued. But first, start with that and then we can go from there.

Regards

duckdns doesn’t support setting CNAME records, only A records.
But Render says that I can use A records to point to the load balancer and it should work.
Why doesn’t it?

It will work, it’s more efficient to use the onrender.com address rather than the IP.

I’ve changed the certificate provider for the domain and the certificate is now issued and in place,

Regards,

I’ve also created esports.webredirect.org as a CNAME to esports-schedule.onrender.com.
Care to please check why that doesn’t work?

$ dig esports.webredirect.org

; <<>> DiG 9.10.6 <<>> esports.webredirect.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25101
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;esports.webredirect.org.       IN      A

;; ANSWER SECTION:
esports.webredirect.org. 120    IN      CNAME   esports-schedule.onrender.com.
esports-schedule.onrender.com. 300 IN   CNAME   gcp-us-west1-1.origin.onrender.com.
gcp-us-west1-1.origin.onrender.com. 174 IN CNAME gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net.
gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net. 54 IN A 216.24.57.4
gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net. 54 IN A 216.24.57.252

;; Query time: 193 msec
;; SERVER: 100.95.0.251#53(100.95.0.251)
;; WHEN: Mon Jul 22 17:13:36 IDT 2024
;; MSG SIZE  rcvd: 242

That particular domain is banned by our upstream provider, Cloudflare, so we can’t get certificates issued for that. Typically it’s banned for commercial reasons between its owner and Cloudflare.

At this point, I’ll probably say that you’ll have a much better experience if you register your own domain and configure it to point at your service rather than trying to use these services that give you a sub-optimal experience,

Regards,
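
A way to script the DNS check discussed in this thread, as an added example that is not part of the original posts and not Render's own tooling: it parses dig answer-section lines, follows the CNAME chain for the exact hostname, and reports whether it lands on the host. The function names are hypothetical; the `onrender.com` suffix and the `216.24.57.1` address are taken from the thread's dig output.

```python
import re

# Answer-section lines copied from the dig output quoted in this thread.
CNAME_ANSWER = """\
esports.webredirect.org. 120    IN      CNAME   esports-schedule.onrender.com.
esports-schedule.onrender.com. 300 IN   CNAME   gcp-us-west1-1.origin.onrender.com.
gcp-us-west1-1.origin.onrender.com. 174 IN CNAME gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net.
gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net. 54 IN A 216.24.57.4
gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net. 54 IN A 216.24.57.252
"""
A_ANSWER = "esports.duckdns.org.    60      IN      A       216.24.57.1\n"

# owner, TTL, class IN, type, rdata; comment lines (";...") never match.
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|AAAA|CNAME)\s+(\S+)$")

def parse_answers(text):
    """Return {owner: {"CNAME": target or None, "ADDR": [ips]}} from dig answer lines."""
    records = {}
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue
        owner, rtype, data = m.group(1).lower().rstrip("."), m.group(2), m.group(3)
        entry = records.setdefault(owner, {"CNAME": None, "ADDR": []})
        if rtype == "CNAME":
            entry["CNAME"] = data.lower().rstrip(".")
        else:
            entry["ADDR"].append(data)
    return records

def resolve_chain(name, records, max_hops=8):
    """Follow CNAMEs from name; return (chain of names, terminal addresses)."""
    current = name.lower().rstrip(".")
    chain = [current]
    for _ in range(max_hops):
        entry = records.get(current)
        if entry is None or entry["CNAME"] is None:
            return chain, (entry["ADDR"] if entry else [])
        current = entry["CNAME"]
        if current in chain:  # CNAME loop: nothing usable to report
            return chain, []
        chain.append(current)
    return chain, []

def points_at_host(name, records, host_suffix, host_ips):
    """True if name CNAMEs into host_suffix or has an address in host_ips."""
    chain, addrs = resolve_chain(name, records)
    via_cname = any(h == host_suffix or h.endswith("." + host_suffix) for h in chain[1:])
    return via_cname or any(a in host_ips for a in addrs)
```

A passing result only confirms that the name points at the host; as the `esports.webredirect.org` case in this thread shows, certificate issuance can still be refused for other reasons.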
