Domain Propagation
Hello, I use cloudflare nameservers that links back to GoDaddy domain. Recently my server had an IP address change and I updated the A and WWW records to reflect the new IP address. It has been around 24hrs now but I am still unable to access my website using the domain name. Does it usually take so long for the IP address records to be updated?
10 Replies
If they're proxied you're just depending on internal propogation which is usually within 30 seconds or so. If it's not proxied, depending on ISP DNS Resolver caching and such which could be longer. What's the domain?
I believed it's proxied. nuspace.sg
I get a redirect loop.
If you go to the Cloudflare dashboard, and then websites -> click on your website, under SSL/TLS -> Overview, change the SSL Encryption mode to "Full (Strict)" if it's not already.
Magic link: https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls
Omg that solved it! Could u share with me what was the cause earlier?
Flexible, which is I assume it was set to before, makes Cloudflare send HTTP (plaintext) requests to your origin/web server. Lots of configurations these days by default redirect to HTTPS (secure), but that redirect is just proxied back to the visitor, Cloudflare doesn't follow it, so you end up with
Visitor -> HTTPS -> Cloudflare -> HTTP -> Origin -> Redirect
.. and again, and again
where now it's Visitor -> HTTPS -> Cloudflare -> HTTPS (Encryption Mode) -> Origin
I see. When it was flexible and using the previous IP address, it was okay. Why would a change in IP address break it?
It wouldn't, something else changed along with it. If GoDaddy transferred you to another server, the new server just had http redirects enabled on it
You really should never use Flexible to begin with, always Full (Strict), so if anything it just helped you fix that
A blessing in disguise indeed.
I also wanted to ask, I'm trying to have another server serving another website on the same domain but on a different port. For me to make the other website HTTPS, do I use certbot as well on the other server machine? My thinking is that I can only authenticate one SSL cert per domain and I shouldn't be using another server to authenticate another SSL cert.
There are limits with certbot/let's encrypt but they are way more then just 1
https://letsencrypt.org/docs/rate-limits/
The main limit is Certificates per Registered Domain (50 per week).If you are going to have it proxied behind Cloudflare, you could use Origin Certificates too https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/, under SSL/TLS -> Origin Server. They are trusted by Cloudflare's Proxy and can last up to 15 years
Alright. I'll look into those. Would having a same domain served by 2 different servers and having different SSL certs affect the domain?