Cloudflare subdomain will not redirect to Amazon s3 bucket

I’m trying to set up Cloudflare to redirect to a static web client hosted in an Amazon s3 bucket. It all works great until I try to set up the CNAME DNS record in Cloudflare.

I want the domain to be so I create a new CNAME record in Cloudflare with name ‘cal’ and value ‘’ . It seems to get set up ok but as soon as I try the url I just get a timeout.

Tried a bunch of things on this with no success - it’s very frustrating. Any ideas?

Is the bucket name exactly “”?

It resolves and does load the page

Are you possibly trying to access it via HTTPS? That wouldnt work as your server simply does not respond to HTTPS.

Thanks for the quick replies guys.

@Judge , yes the bucket name is

@sandro ok I think you might have isolated the problem! I use Cloudflare for a bunch of other subdomains associated with this domain and I have the SSL setting in Cloudflare set to always on (full). So this was sending a request to AWS via SSL which AWS was refusing.

I guess if you set the SSL setting to ‘flexible’ it will allow non SSL traffic between Cloudflare and AWS. Unfortunately when I tried this it bought down the other (live) sub-domains - so there was a moment of panic there!

I’m going to have to have a think about this one I think. Might be better just to set up a file server on Digital Ocean or something so a) the CNAME is just an IP address and b) you can cheaply and easily install SSL certificates if you need them.

Thanks for your help!

You could use a page rule to set it to Flexible for that specific host, however I generally advise against Flexible. Its quite deceiving to users, the connection appears to be encrypted but that encryption vanishes the moment the connection continues on to your server.

1 Like

£$%^£$%^ That works!! [cries]

Agree, not sure about this from a security point of view. I was keen to do this with AWS because, well that just seems to be the way everyone does this. But file servers and SSL certs are cheap as chips and I think that’s really the correct way to do this - you can’t say the connection is secure when half the connection is not secure.

Thanks again for your help.

Precisely! I can understand why Cloudflare is offering it, but IMHO they really shouldnt.

Anyhow, I am glad its working, but I’d really recommend to use it only as temporary workaround and setup a proper SSL environment on your Amazon instance. Otherwise simply use the same page rule to turn off HTTPS for that host and it will be at least transparent that there is no encryption in place. :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.