Dns settings/diagonistic center

I ran a test on my website via cloudflare Diagnostic center and got these results. 1.your request failed with a response status of 400 or above. 2.The site’s web server responded with a status code that isn’t 200 (OK). 3.The hostname has no DS records.(I can fix this, once DNSSEC is approved in my cloudfare).I also got this notification on my dns settings.{A few more steps are required to complete your setup.}The number of lookups on your SPF record exceed the allowed limit of 10. This will result in emails failing SPF authentication. Not sure which one to delete. Please help.(grithealthfitness.com).

You have to use flexible SSL. Yours seems to have expired

its a new origin certificate i created last week. is that possible?

It’s possible if it’s self signed

I just created a new origin certificate in cloudflare and added it to my nginx server. I tried to reload my website. It says ssl handshake failed. Still same issue. Does it mean origin certificate doesnt work on full strict ?

Please do not make such suggestions. This is misleading users and makes their sites insecure.

1 Like

It absolutely does.

i can’t seem to figure out where i;m getting it wrong. it’s actually frustrating. I created a new origin certificate, but my site still shows ssl handshake failed

i meant no harm, just a little bit confused.

What’s your current encryption mode?

sha 256

No, the encryption mode on Cloudflare.

full strict. I just changed it from flexible to sull strict

You should not have Flexible in the first place, as that keeps your site insecure.

As for the error, it does not seem to be a certificate issue but rather an overall issue with your SSL configuration. I’d pause Cloudflare (Overview screen, bottom right) and make sure the site loads without errors on HTTPS first. You will get a certificate warning in the context of an Origin certificate, but you can ignore this for once.

I just paused cloudflare now and reloaded my website. (Secure Connection Failed)

Precisely, you have an issue with your server’s SSL configuration. You need to fix that first.

(the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful.) This is the message i get after getting all the configuration done in nginx server. Where could i be getting it wrong ?

Something in the configuration won’t be correct, otherwise you wouldn’t get that error. I’d check the log files. If there’s no clear error message I’d ask in an Nginx forum for details.

okay, thanks for your time.

No worries. Once it loads fine, it will also work on Cloudflare. Keep in mind with an Origin certificate you will get a certificate warning in the browser, until you proxy the record.