Hi, we have a client raising a complaint that all their domains under the same cPanel hosting is now subject to a Cloudflare secure connection check when accessing the site for the first time. It also has impacted their web app as the API received content from cloudfire.quest instead of the actual domain, rendering their app currently unusable.
What we couldn’t wrap our heads around this issue is we have never installed or enabled Cloudflare protection for this client’s hosting and domains; in fact we have never enabled Cloudflare at cPanel level for all our clients.
How we troubleshoot this so far:
- We confirmed with the domain registrars that the domains for this client has not underwent any nameserver changes.
- We confirmed that the affected domains do not have any Cloudflare related DNS records set.
- The web app developer sent us a screenshot of a GET request from their API confirming that the request returned content from cloudfire.quest instead of their domain.
- We tested the domains on several browsers. On Chrome a prompt requiring user to click “Allow” for the domain to send notifications with the message “need to review the security of your connection before proceeding” will appear for several seconds before automatically redirects to the domain landing page. On Edge the URL changes to .cloudfire.quest during the message, but there is no prompt to click “Allow” and the redirection to the domain landing page happens automatically after a few seconds as well. On Firefox there is no message and the domain landing page loads as normal.
At this point to the best of our knowledge the only suspect left is the SSL certificate; these domains are using cPanel’s AutoSSL and the most recent renewal happened just a few days ago. While we are applying for a paid SSL to see if this is the main cause, would like to ask around here to see if there are any other inputs that we may have missed.
Do let me know if more information is needed to assist on this issue. Thanks again.