Changing DNS A Record IP Addresses – Question

Good afternoon,
We moved our domain registrar to GoDaddy and are also now hosting the domain through GoDaddy as well. We have the new IP Addresses associated with GoDaddy’s hosting. We were wondering: Do we update all A Records in our CloudFlare DNS to reflect the new IP Addresses?

If so, does the site temporarily go down during a propagation time period?

Please advise.
Tyler

Yes, absolutely.

If the site is proxied it will be pretty much instantaneous. If it is not proxied regular DNS propagation will apply.

Hi @sandro! Thanks for the response! We attempted this previously, and the website went down. We weren’t sure if it was propagation though, and reversed the IP’s to the old ones. – If the site goes down due to propagation, what does that typically look like?

And when you say if the site is proxied, what do you mean by proxied?

Apologies for my ignorance!!
Thanks for your help!
Tyler

Are the records marked as :orange: or :grey:?

@sandro Oh! I follow! They have the orange cloud! And they had the orange cloud previously when the site went down after we added the new IP’s to the DNS. Do you have any idea why the site might’ve gone down if the records are proxied?

Impossible to say at this point. But if your site is properly working on HTTPS it shouldnt be an issue. Being proxied there wont be any propagation either. Only for the mail records as these wont be proxied.

Okay @sandro ! So should we just go ahead and update the IPs, and if the site goes down even though it’s proxied, should we wait a certain time period to see if it’s because of propagation?

If so, how long should we wait before reverting the IP address back?

We can clarify this beforehand here. Would you be comfortabe sharing the IP address here?

Hi @sandro,
Sure! The existing IP Address is 166.62.27.168. The new IP Address that we’re trying to update it to is 104.238.69.231.

Does this help understanding why the site might’ve gone down previously?
Tyler

And the domain?

Also, you do have a valid certificate on the new server, don’t you?

@sandro The domain is torquedieselmotorsports.com. We do have a valid certificate, yes. GoDaddy set up all of the new hosting, we are just responsible for changing the IP Addresses in the DNS. However, when we did so, that’s what caused the site to go down.

Please let me know if you need any further information to help! :slight_smile:

I am afraid, on both addresses the certificate seems to be broken

$ openssl s_client -connect 104.238.69.231:443 -servername torquedieselmotorsports.com
CONNECTED(00000003)
3069448192:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:../ssl/record/rec_layer_s3.c:1407:SSL alert number 80
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 212 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1593005795
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

You first need to fix this SSL issue on your new server.

@sandro Thanks for the insight! Let me forward this to our GoDaddy rep to see why the SSL isn’t already set up… I believe he said they wait to set up the SSL until after the IP Addresses have been applied, and the domain name has been assigned to the new location within their systems. I’ll circle back around to you! :slight_smile:

Thank you for all of your help!!!

Hi @sandro,
So I was reviewing all of notes that I took when we tried updating the IP’s last time, and this is what I have and wanted to follow up with you while we wait for our GoDaddy rep to respond:

  • I was previously told that the SSL Certificate auto-applies to GoDaddy domains after the IP’s are updated in the DNS A records.
  • Previously, when the site went down after we updated the A records the first time, the GoDaddy CDN was also active on the new IP Address. The GoDaddy rep thought that maybe the GoDaddy CDN being active at the same time as CloudFlare’s CDN might have been what caused the site to go down. – What do you think?

Curious to hear your thoughts on the above!
Tyler

That is something your host needs to clarify I am afraid.

That shouldn’t be an issue. As long as you have a valid certificate on your server, the connection should work. At this point you just need to make sure you have such a certificate on your server. If they cannot provision it in time you might also want to look into Cloudflare’s Origin certificates.

@sandro Okay! Thanks for the confirmation! I’ll continue to wait on our GoDaddy rep to confirm when the SSL is applied to the domain and will circle back around once I have those answers.

Thanks again for your help! :slight_smile:
Tyler

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.