DNS entries to Heroku when Cloudflare is 'paused'


I’ve been running an application for the past year and using Cloudflare without problems. 2 weeks ago, I paused Heroku. Over the last day, our customers (and myself included) started receiving intermittent ‘invalid cert’ errors. When the request was valid, the presented cert was my Let’s Encrypt cert. When a random ‘your connection is not private’ error happened, the cert was issued from mystore.soma.com. I thought this might have been a Heroku LB configuration issue but they said my DNS was configured incorrectly.

The punchline to my issue is that I had to change my CNAME and A records from my-heroku-app.herokuapp.com to my-heroku-app.com.herokudns.com because of pausing Cloudflare. This makes sense based on notes I’ve read on setting up Cloudflare to work with Heroku and taking advantage of Cloudflare’s security and performance offerings. And it makes sense that if I pause Cloudflare and use them like any other DNS provider, I would have to change the settings back. Please correct me if I’m wrong.

However, I’m curious why this issue would take roughly 2 weeks to surface? I’m also curious if there’s any way I can support having DNS entries such that I can pause or un-pause Cloudflare without having to manage DNS or incur any DNS downtime.
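
A diagnostic sketch for the intermittent certificate errors described in the post, added here as an example and not part of the original post: it tallies, per answering IP address, whether the presented certificate covers the hostname. The hostname `www.my-heroku-app.com`, the 192.0.2.x addresses and the sample observations are constructed; `probe` needs network access and is not called by the sample run.

```python
import socket
import ssl
from collections import defaultdict

def name_matches(hostname, pattern):
    """True if a certificate DNS name covers hostname ('*' = one left-most label)."""
    h = hostname.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    return len(h) == len(p) and p[0] in ("*", h[0]) and h[1:] == p[1:]

def probe(hostname, port=443, timeout=5.0):
    """Live handshake: (peer_ip, cert DNS names); names is [] if validation fails."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        ip = raw.getpeername()[0]
        try:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                san = tls.getpeercert().get("subjectAltName", ())
                return ip, [v for k, v in san if k == "DNS"]
        except ssl.SSLCertVerificationError:
            return ip, []

def summarize(hostname, observations):
    """Tally ok/mismatch handshakes per answering IP, keeping unexpected names."""
    report = defaultdict(lambda: {"ok": 0, "mismatch": 0, "unexpected": set()})
    for ip, names in observations:
        if any(name_matches(hostname, n) for n in names):
            report[ip]["ok"] += 1
        else:
            report[ip]["mismatch"] += 1
            report[ip]["unexpected"].update(names)
    return dict(report)

def intermittent(report):
    """True when some handshakes validated and others did not."""
    ok = sum(r["ok"] for r in report.values())
    bad = sum(r["mismatch"] for r in report.values())
    return ok > 0 and bad > 0

HOST = "www.my-heroku-app.com"  # constructed hostname (assumption)
SAMPLE = [  # constructed observations: (answering IP, DNS names in presented cert)
    ("192.0.2.10", ["*.my-heroku-app.com", "my-heroku-app.com"]),
    ("192.0.2.77", ["mystore.soma.com"]),
    ("192.0.2.10", ["*.my-heroku-app.com", "my-heroku-app.com"]),
    ("192.0.2.77", ["mystore.soma.com"]),
]

if __name__ == "__main__":
    print(summarize(HOST, SAMPLE))
```

Feeding `summarize` with repeated `probe(HOST)` results shows whether the failures cluster on particular answering addresses, which is worth comparing against the DNS record targets before and after a change.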