1&1 and Cloudflare CDN


#1

I use 1and1 for my hosting and I have used the normal CloudFlare CDN with great success. I have recently switched over to https, which means we needed to upgrade to CDN Plus, and purchase the starter ssl certificate which we did.

For those not familiar, all of this is done through 1and1’s package and control panel.

I have spent 3 weeks working with 1and1 support trying to figure out why the site is not routing through the CDN correctly.

I have “Full SSL” selected and this is the code in my htaccess.

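# Force HTTPS on the canonical www host
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://www.mysite.com%{REQUEST_URI} [R=301,L]

# Force the www prefix (dot escaped so it matches a literal ".")
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]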

As of right now the redirect works, but the site is bypassing the CDN, even though the settings show the root and www as selected for the CDN Plus package.

Any help is greatly appreciated.


#2

Can you check your DNS record?

Do a dig www.yourdomain.tld and then the results should be something like a CNAME for www.yourdomain.tld.cdn.cloudflare.net or show an IP address that should belong to Cloudflare if you do a WHOIS check on the IP address.

If you do not have access to a terminal try this online tool instead:

https://gwhois.org/dns/

Furthermore, your NS record shown in your domain WHOIS should be 1&1’s as you are using their service as a Cloudflare Optimized Partner.


#3

Thanks for your response. I’m not 100% sure how to do a “dig”, but I did go to your link and here is what it returned:
3600 A 74.208.236.104
3600 MX 10 mx00.1and1.com.
3600 MX 10 mx01.1and1.com.
172800 NS ns51.1and1.com.
172800 NS ns52.1and1.com.
86400 SOA ns51.1and1.com. hostmaster.1and1.com. 2016092401 28800 7200 604800 600


#4

Can you check the www version?

So, instead of putting yourdomain.tld on the link, try inputting www.yourdomain.tld.

If the result shows a CNAME with the value of www.yourdomain.tld.cdn.cloudflare.net, Cloudflare is activated but it will be on only for the www subdomain. If it shows other results, Cloudflare might not be on.


#5

So it appears that 1and1 made a change today to just the www which is now pointing to www.mysite.com.cdn.cloudflare.net - ttl is 3600 - type = cname …Still gets an error, which is explained below.

The non www version still shows the same results as above. In the 1and1 control panel the Name servers have 1and1 name servers selected and not “other name servers”.

If I scroll down the DNS control panel I see this: “To use your domain with a third party application, set a CNAME record for a subdomain of your domain.” This is where I see the www version pointed to Cloudflare.
Should this only be set for the subdomain or should it be set in both places?

So the same problem exists that has for the past few weeks: when I try to access the site when connected through the CDN, I get this error message in the browser (Firefox and Chrome):
“An error occurred during a connection to www.mysite.com. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP”

Thanks for any help


#6

The proper DNS settings for a website managed by a Cloudflare partner are:

example.com      IN A     [ORIGINIP]
www.example.com  IN CNAME www.example.com.cdn.cloudflare.net

So your domain’s DNS is configured properly.

Regarding the SSL, sometimes the error code SSL_ERROR_NO_CYPHER_OVERLAP results because Cloudflare has not generated a certificate for your domain. This can take up to 48 hours. If after 48 hours you still get the error, please contact support.
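
The DNS layout described in posts #2 to #6, written as a check that can be run over `dig` answer lines. This is an added example, not part of any post; the function name `check_partner_dns` and the sample records (example.com, documentation IP ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: read `dig +noall +answer` lines on stdin and report whether
# a domain matches the partner (CNAME) layout. $1 is the bare domain.
# Live use (assumed invocation):
#   { dig +noall +answer example.com A; dig +noall +answer www.example.com; } \
#       | check_partner_dns example.com

check_partner_dns() {
    awk -v apex="$1" '
        # Lower-case a name and drop the trailing root dot.
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        BEGIN { apex = norm(apex) }
        # dig answer line: NAME TTL CLASS TYPE RDATA
        NF >= 5 {
            name = norm($1)
            if (name == apex && $4 == "A")            apex_a = $5
            if (name == "www." apex && $4 == "CNAME") www_cname = norm($5)
            if (name == "www." apex && $4 == "A")     www_a = $5
        }
        END {
            if (apex_a != "") print "apex: A " apex_a
            else              print "apex: no A record in input"
            want = "www." apex ".cdn.cloudflare.net"
            if (www_cname == want)    print "www: proxied via " www_cname
            else if (www_cname != "") print "www: CNAME to " www_cname ", not Cloudflare"
            else if (www_a != "")     print "www: A " www_a ", check owner with WHOIS"
            else                      print "www: no answer in input"
        }'
}

# Constructed sample answers: partner layout, then a site that bypasses the CDN.
sample_partner() {
    cat <<'EOF'
example.com.      3600 IN A     192.0.2.10
www.example.com.  3600 IN CNAME www.example.com.cdn.cloudflare.net.
www.example.com.cdn.cloudflare.net. 300 IN A 198.51.100.7
EOF
}
sample_direct() {
    cat <<'EOF'
example.com.      3600 IN A 192.0.2.10
www.example.com.  3600 IN A 192.0.2.10
EOF
}

sample_partner | check_partner_dns example.com
sample_direct  | check_partner_dns example.com
```

A passing DNS check says nothing about the edge certificate; the SSL_ERROR_NO_CYPHER_OVERLAP case in this thread occurs with the CNAME already in place.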


#7

I don’t have a Cloudflare account. Since this is through 1and1 as an optimized partner of Cloudflare, I don’t think Cloudflare offers support.
The SSL was purchased through 1and1. What has to happen in order for SSL to be active on Cloudflare?


#8

The 1&1 Starter SSL you purchased will encrypt traffic from Cloudflare to your origin server. Your user will not see this certificate.

Instead, the user will see a Comodo-issued certificate that Cloudflare generates for their customer. A domain served by a Cloudflare Partner can also acquire such a certificate provided that they correctly set up a random verification CNAME record. This should be done automatically by 1&1. Once the CNAME is verified, a certificate will be issued to your domain. This can take up to 48 hours.


#9

Thanks for all your replies… We are well past 48 hours… more like 5 days and the browser is still showing the SSL error. 1and1 has really not been of any help.


#10

Current status of the domain you opened your helpdesk ticket with shows deleted in our system. May wish to try and reprovision with 1&1 (not sure what they will need to do exactly) or sign the domain up directly with Cloudflare depending on your preferences.

Sorry for the trouble, looks like an issue on their side?


#11

Would you be able to elaborate more on what “Deleted” would mean? The DNS is showing the www version pointing to CloudFlare.

Also, what I am currently doing is using a domain that gets basically no traffic as a test to get this working properly, since 1and1 says the site must be down the whole time in order to replicate the error.

When this is finally working, I actually need to remove this domain and switch another domain over to the CDN. What is the normal process once I assign a domain to the CDN Plus via the 1and1 control panel? What does Cloudflare have to do?


#12

Partners typically manage their domains and feature enablement via an automated API with Cloudflare. So the particulars of what the process looks like on their side are really a black box to us.

Replied to your help ticket with the particulars of the info you asked rather than posting it here.