Shopify SSL Pending After DNS Changes? Do This First

Sam | January 29, 2026 | 11 min read

You’ve spent weeks polishing every product description and picking the perfect theme, only to have your launch vibe ruined by a Shopify SSL pending status. It’s incredibly frustrating because everything looks right on your dashboard, yet that tiny padlock icon refuses to appear. 

With nearly 99% of Chrome users expecting a secure connection, seeing “Not Secure” can feel like a red flag to your first customers. Let’s skip the fluff and look at the actual fixes in this post that will get your security status back on track so you can finally open your doors. Let’s get started!

Understanding SSL Certificates and Shopify’s SSL Pending Status

An SSL certificate (the modern protocol is TLS) secures your store’s domain by verifying the site’s identity and turning on HTTPS, which encrypts the connection between a shopper’s browser and your Shopify storefront. When it’s active, shoppers see HTTPS and a padlock icon in the address bar, and the encrypted connection helps protect what customers type from interception or alteration in transit.

So why does SSL matter so much for websites?

  • It builds trust fast: shoppers are more likely to continue browsing when they see HTTPS, which can reduce bounce rate on landing pages and product pages
  • It protects customer data: encryption helps stop sensitive details from being intercepted on public WiFi, especially during login and checkout
  • It prevents scary browser warnings: without HTTPS, many browsers show “Not Secure,” which can kill add to cart clicks and hurt conversion rate
  • It supports smoother checkout: fewer mixed content issues and fewer blocked requests mean fewer surprises when customers try to pay

On Shopify, SSL is designed to be hands-off. Shopify automatically issues a TLS certificate once your domain is connected correctly. If you connect a third-party domain by pointing your DNS records to Shopify, the certificate can take time to issue while the DNS change propagates across the internet. Shopify notes this can take up to 48 hours, and during that window, you might see a TLS or SSL pending message in your domain settings.

So, what does “SSL pending” mean in Shopify, in plain terms? Usually, it means the verification process is still in progress, not that your store is broken. Shopify is still checking the domain connection and provisioning the certificate. If the status stays pending beyond the window Shopify mentions, that’s when you should recheck DNS records or contact support.

How Long Does SSL Pending Take on Shopify?

Shopify SSL pending usually clears in 15 minutes to 24 hours. If you just connected a domain or changed DNS, it can take up to 48 hours. If you still see the SSL pending status on your Shopify domain, first check whether you’re still within that 48-hour window.

The timing varies due to these factors:

  • New domain: Shopify needs to verify the connection and provision a fresh certificate, so it often takes longer.
  • Existing domain: it can still go pending after changes, but it often resolves faster once records settle.
  • Recent DNS changes: each update must propagate globally, so edits can restart the wait.
  • Provider caching delays: some registrars and ISPs cache DNS longer, so you may see pending even after saving the right records. 

The Most Common Reasons Shopify SSL Stays Pending

When Shopify SSL pending does not clear within the normal window, it usually comes down to domain routing or verification. Below are the issues Shopify sees most often, plus what they look like in real DNS settings.

DNS records aren’t pointing correctly to Shopify

Shopify can only issue an SSL certificate when your domain points to Shopify’s servers. A small DNS mistake is enough to keep SSL stuck. Shopify’s required records include an A record of 23.227.38.65 and a CNAME of shops.myshopify.com (and in some cases an AAAA record for IPv6).

Common DNS problems:

  • Wrong A record: the root domain points to an old host, a parking page, or the wrong IP instead of 23.227.38.65
  • Missing or incorrect CNAME: www is not pointing to shops.myshopify.com, or it points to another service
  • Conflicting records: you have multiple A records for the root, multiple CNAMEs for www, or leftover AAAA records pointing elsewhere, so Shopify cannot verify a single clear destination

DNS changes haven’t fully propagated

Even after you click “Save” in your domain provider, the new DNS records might not be live everywhere yet. DNS updates can take up to 48 hours to propagate across the internet, so Shopify may still read the old records from some DNS resolvers during that window and keep showing SSL pending. 

That’s also why different DNS check tools can show different results at the same time, because they’re querying different locations and caches.

A third-party service is interfering

If a CDN or proxy sits in front of your domain, Shopify may not be able to verify it directly.

Common blockers:

  • Cloudflare proxy mode: the orange cloud on A or CNAME can trigger “proxy not supported” and block SSL provisioning
  • Registrar-level SSL or forwarding: “secure redirect” features can mask the real DNS target and slow verification 

The domain was recently switched or re-added

If you moved the domain from another platform or removed and reconnected it, Shopify may need to re-verify before issuing a fresh certificate. During new DNS updates, SSL can show pending again until the records settle.

How to Fix Shopify SSL Pending

Step 1: Check your domain status in Shopify

Start by confirming what Shopify is seeing. In your Shopify admin, go to Settings → Domains, then click your custom domain. 

  • If the domain is “Connected”, Shopify can read your DNS correctly. 
  • If it shows “SSL pending”, Shopify is still provisioning the TLS certificate, and it can take up to 48 hours after a third-party domain connection.

Step 2: Verify DNS records at your domain provider

Once you know the domain is pending, move to DNS. Log in to your domain provider and open DNS settings for the exact domain you connected.

Check these basics (and fix anything that does not match):

  1. A record points to Shopify’s IP (Shopify commonly shows 23.227.38.65, and some regions use a supported variation)
  2. AAAA record points to Shopify’s IPv6 (2620:0127:f00f:5::)
  3. www CNAME points to shops.myshopify.com.
  4. Remove duplicates so you only have one A record, one AAAA record, and one www CNAME to Shopify
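
The checks above can be run against `dig +noall +answer` output with a short script. This is an added example, not Shopify's or the author's code; the domain example.com, the sample answers, and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Expected targets as stated on this page.
EXPECTED = {"A": ipaddress.ip_address("23.227.38.65"),
            "AAAA": ipaddress.ip_address("2620:0127:f00f:5::")}
EXPECTED_CNAME = "shops.myshopify.com"

# Constructed sample of `dig +noall +answer` output (example.com is a placeholder).
SAMPLE = """\
example.com.      300 IN A     23.227.38.65
example.com.      300 IN A     203.0.113.10
example.com.      300 IN AAAA  2620:127:f00f:5::
www.example.com.  300 IN CNAME shops.myshopify.com.
"""

def parse_answers(text):
    """Parse dig answer lines into (name, type, value) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and not parts[0].startswith(";"):
            name = parts[0].rstrip(".").lower()
            records.append((name, parts[3].upper(), " ".join(parts[4:])))
    return records

def audit(records, apex):
    """Return findings; an empty list means the records match the page."""
    www, findings = "www." + apex, []
    def values(name, rtype):
        return [v for n, t, v in records if n == name and t == rtype]
    for rtype, expected in EXPECTED.items():
        found = values(apex, rtype)
        if len(found) > 1:
            findings.append(f"{apex}: {len(found)} {rtype} records, keep one")
        # Compare parsed addresses so 2620:127:... equals 2620:0127:...
        findings += [f"{apex}: {rtype} {v} is not Shopify's address"
                     for v in found if ipaddress.ip_address(v) != expected]
    if not values(apex, "A"):
        findings.append(f"{apex}: no A record")
    cnames = [v.rstrip(".").lower() for v in values(www, "CNAME")]
    if cnames != [EXPECTED_CNAME]:
        findings.append(f"{www}: CNAME {cnames or 'missing'}, expected {EXPECTED_CNAME}")
    if values(apex, "CAA"):
        findings.append(f"{apex}: CAA present, review if SSL stays pending")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_answers(SAMPLE), "example.com"):
        print(finding)
```

Resolvers usually print the IPv6 address in compressed form (2620:127:f00f:5::), which is why the script compares parsed addresses instead of strings.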

Step 3: Temporarily disable third-party proxies or CDNs

If you use Cloudflare or any proxy service, turn off proxy mode while Shopify verifies the domain. Shopify specifically flags a Cloudflare Proxy as unsupported for domain troubleshooting, because the proxy can block verification.

What to do:

  • In Cloudflare DNS, switch the record to DNS only (not proxied)
  • Wait until SSL is issued, then you can re-enable the proxy if needed

Step 4: Wait, and don’t keep changing settings

After you fix DNS, waiting is not “doing nothing.” It means DNS resolvers around the world are updating their caches. Shopify notes that DNS updates can take up to 48 hours to propagate, and SSL can stay pending during that window. 

Common mistakes that reset the timer:

  • Editing records repeatedly “just to be safe.”
  • Switching between different A records or adding extra records
  • Toggling proxy settings on and off every few minutes

Step 5: Re-trigger SSL if it’s stuck

If it’s been more than 48 hours, Shopify says it usually indicates a setup issue, so re-check DNS and remove anything unsupported, like a proxy or DNSSEC. At this point, Shopify SSL pending is no longer normal wait time; it is a configuration problem.

Safe reset options (after DNS is correct):

  • Remove the domain in Shopify and add it back (forces a fresh verification attempt)
  • Temporarily switch the primary domain, then switch back (useful when Shopify’s Domains page needs a refresh)

How to Check If Shopify SSL is Working Correctly

To confirm your Shopify SSL is live, check it in the browser and in the Shopify admin. Then do one quick test that avoids cache confusion. The checks are as follows:

Browser HTTPS check

Open your homepage and a product page. Test both www and non-www versions of your domain. Your URL should start with https, and the HTTP version should redirect to https. In most browsers, you’ll see a padlock (or a “tune” icon in Chrome). Click it and look for “Connection is secure” and the certificate details.

Shopify admin indicators

In Shopify admin, go to Settings → Domains. Your custom domain should show Connected, and the SSL line should not say SSL pending or SSL unavailable. Shopify notes that TLS issuance for third-party domains can take up to 48 hours, so seeing pending during that window can be normal.

Clearing browser cache vs real SSL status

Clearing the cache can fix old redirects or mixed content warnings, but it does not activate SSL. For a clean view, use an incognito window or a different device and network. If Shopify still shows SSL pending after 48 hours, treat it as a DNS or proxy setup issue, not a browser issue.

When is SSL Pending Normal, and When is It a Problem?

Seeing Shopify SSL pending can be totally normal, but only in the right timing. Use the table below to quickly judge whether you should wait or start fixing DNS and proxies.

| Status | Common situation | What it means | What to do next |
| --- | --- | --- | --- |
| Normal | Just connected a new domain | Shopify is verifying the domain and issuing TLS | Wait 15 minutes to 48 hours, and avoid editing DNS again |
| Normal | Recently updated DNS records | DNS is still propagating globally | Wait up to 48 hours, then recheck A and www CNAME |
| Normal | Changed the primary domain | Shopify is refreshing domain routing and HTTPS | Give it time, then test https on both www and non www |
| Problem | Pending for more than 48 hours | DNS mismatch, duplicates, or a proxy is blocking verification | Fix DNS, disable proxy, then re-trigger SSL |
| Problem | Domain says Connected but SSL never activates | DNS points to Shopify, but certificate provisioning is blocked or stuck | Check AAAA conflicts, DNSSEC, Cloudflare proxy; contact support if needed |
| Problem | Browser still shows Not secure after waiting | HTTPS is still not active, or you’re seeing cached results | Test incognito and another network; if still not secure, treat as a DNS or proxy issue |

When Should You Contact Shopify Support about SSL Pending?

If you just connected a third-party domain, Shopify SSL pending can be normal for a while. Shopify says it can take up to 48 hours for the TLS certificate to be issued after you connect a domain. If the SSL message is still there after 48 hours, Shopify also notes this usually points to a domain provider setup problem, and that is the right time to escalate. 

Before you contact support, do a quick check. Make sure your DNS is correct and that no proxy is hiding your real DNS route. Shopify’s domain troubleshooting flow specifically calls out proxy settings as a common blocker. 

What Shopify Support will usually ask you for:

  • Your full domain (include both www and non-www)
  • Your domain provider name (GoDaddy, Namecheap, Cloudflare, etc.)
  • A screenshot of Settings → Domains showing Connected and SSL pending
  • Your current DNS records for the root domain and www (A, AAAA, CNAME), plus any duplicates
  • Whether you use Cloudflare proxy (orange cloud) or any forwarding, DNSSEC, or registrar SSL features 

Typical resolution outcomes:

  • Support confirms a DNS mismatch and tells you exactly what to change, then SSL clears once DNS propagates
  • If DNS is correct, they may help reset or reissue the TLS certificate when provisioning gets stuck 
  • If a proxy is involved, they may ask you to work with your domain host or CDN provider to remove the block, then retry 

How to Avoid SSL Issues on Shopify

Safe domain setup checklist:

  1. Set one A record for @ to 23.227.38.65
  2. Set one AAAA record for @ to 2620:0127:f00f:5::
  3. Set www CNAME to shops.myshopify.com
  4. Remove duplicates and any old forwarding records that point elsewhere

Best practices when changing DNS:

  • Make changes once, then wait. Shopify notes that TLS provisioning can take up to 48 hours after connecting a third-party domain.
  • Avoid switching records back and forth. Every change can extend the wait.
  • Verify using Shopify Settings → Domains, not only one DNS checker.

If you manage multiple domains, keep one primary domain in Shopify and let Shopify handle redirects for the others. This reduces edge cases where shoppers land on a non-primary domain that is still pending SSL. 

When you add or remove domains, update DNS in a controlled way and avoid changing multiple domains in the same hour, because it makes it harder to identify which change triggered the SSL delay. If you use Cloudflare or another proxy in front of any domain, switch it to DNS only during verification so Shopify can confirm the domain directly and issue TLS cleanly.

Final thought

In general, don’t let Shopify SSL pending cost you sales. Run the checklist now, confirm the domain is truly connected, and stop editing DNS once it’s correct. If the timer hits 48 hours, escalate with Shopify Support and ask them to reprovision the certificate. Hope this post helps!

FAQs

Why is my Shopify SSL pending for more than 48 hours?

If Shopify SSL pending lasts over 48 hours, it’s usually not “just waiting” anymore. The common causes are wrong DNS records (A or www CNAME), duplicate/conflicting records, or blockers like DNSSEC/CAA records or a proxy (Cloudflare). Fix the DNS first, turn off proxies, then contact Shopify Support if SSL still won’t provision.

Can I install my own SSL certificate on Shopify?

On standard Shopify plans, no. Shopify auto issues and manages the TLS certificate for your connected domain. On Shopify Plus, some merchants can use custom or EV SSL options, but most stores should stick with Shopify’s built-in SSL.

Will SSL pending block Shopify checkout?

It can. If HTTPS isn’t active, browsers may show “Not secure” or block parts of the checkout flow. Even when checkout still loads, trust drops fast, which can hurt conversion rate.

Does changing Shopify themes affect SSL?

No. SSL is tied to your domain, not your theme. Theme changes can still cause mixed content issues (http images/scripts), but they don’t change whether Shopify can issue SSL.

Is SSL handled differently on Shopify Plus?

Mostly the same, because all Shopify plans include Shopify-managed SSL for connected domains. The difference is that Shopify Plus can support enhanced options, such as using an EV (Extended Validation) certificate in specific setups, while standard plans generally can’t upload or manage a custom third-party SSL themselves.

Sam Nguyen is the CEO and founder of Avada Commerce, an e-commerce solution provider headquartered in Vietnam. He is an expert on the Shopify e-commerce platform for online stores and retail point-of-sale systems. Sam loves talking about e-commerce and he aims to help over a million online businesses grow and thrive.