CloudFlare tunnel with Partner hosted zone triggers Forbidden page

Hi,

Recently Siteground migrated from using Cloudflare to its own CDN, but some features are now not working anymore and I’m not sure to what it is related.

We wanted to set up a Cloudflare tunnel (Cloudflare Tunnel) to create a public API for some Docker containers. I added a CNAME record for each subnet we want to use a tunnel for: e.g. api.example.com CNAME api.example.com.cdn.cloudflare.net. This routing is working when testing with nslookup. When the containers are not up and running I see an error page of Cloudflare mentioning this fact.

Once the containers are running I get a 403 Forbidden page in white with nginx-Cloudflare mentioned. Further no branding from Cloudflare. The weirdest thing is when I visit the website I do get a single request through to the container for the favicon.ico but nothing else.

I’ve tested this entire setup identically on a different website which has Cloudflare authoritative DNS and then it just works.

The only difference is that Siteground is our authoritative DNS server and on our Cloudflare website DNS page it is mentioned as a partnership with Siteground.


Here is a picture and the valid Cloudflare certificate for one of the sub domains.